Bug#733295: gnutls-bin: please compile GnuTLS with DANE support

Andreas Metzler ametzler at bebt.de
Sat Dec 28 12:45:20 UTC 2013

tags 733295 wontfix

On 2013-12-28 Marius Gavrilescu <marius at ieval.ro> wrote:
> Package: gnutls-bin
> Version:
> Severity: wishlist

> GnuTLS is currently built without DANE support.

>   [10:49:17] 0 marius at mgvx:~$ danetool --check=www.nic.cz
>   This functionality was disabled (GnuTLS was not compiled with support for DANE).


libdane requires and links against libunbound. libunbound OTOH is
linked against OpenSSL's libssl on Debian[1]. Therefore libdane and
any program using it ends up being dynamically linked against both
libssl (OpenSSL license) and GnuTLS (LGPLv3+ via gmp).

The result is not very useful, since it is e.g. GPL-incompatible (even
danetool(1) is GPLv3+). Apart from that it is more than a little bit
ugly that libdane customers end up being linked against two different
major TLS toolkits.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

More information about the Pkg-gnutls-maint mailing list