[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libvir] Re: Should we settle on one SSL implementation?



On Mon, 2007-10-22 at 14:47 +0100, Richard W.M. Jones wrote:
> Bernardo Innocenti wrote:
> > I remember this topic being discussed some time ago,
> > but software is fluid and maybe it's time to respin
> > the topic.
> > 
> > It would seem a worthwhile goal to unify SSL/TLS
> > implementations like we did for spell checkers.
> > Or, if it turns out to be too hard, at least it would
> > be nice to their pki files.
> 
> I've asked whether we have a standard layout for /etc/pki before, but no 
> one seems to know.
> 
> > We're now shipping no less than 4 different implementations
> > of SSL:
> > 
> > - openssl (OpenBSD's implementation)
> > - nss (Netscape's implementation)
> > - gnutls (LGPL implementation)
> > - puretls (Java implementation)
> 
> Make that at least five - ocaml-ocamlnet has a pure-OCaml SSL impl.  I'm 
> sure Perl & Python probably have their own too.
> 
> > But which one should replace the others?
> 
> When we implemented encryption in libvirt, we chose gnutls because it 
> has excellent examples which allow you to actually write code to use it 
> in a short period of time.  The others have (or we perceived them to 
> have) hideous, confusing or undocumented APIs.

While I'm currently grumpy at gnutls (on debian actually, which is
running 2.0), I do agree it's API and read/write callbacks make
integrating into an existing event system very nice.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]