[Pkg-openldap-devel] GnuTLS and OpenLDAP
Quanah Gibson-Mount
quanah at stanford.edu
Sat Jan 28 00:31:51 UTC 2006
I discussed the 2.1 GnuTLS patch against OL with one of their primary
developers today, who looked at putting in support for GnuTLS to OpenLDAP
as a client request for the company he works for. He had the following
observations/comments (This is snipped from an IM conversation, so ignore
the formatting. :P ):
the interface to liblber / sockbufs was poor, there was no support for SASL
EXTERNAL, some other problems

It looks to me like the GNUtls API has grown a bit since that patch was
submitted, and the missing features could be written a bit more cleanly
today.

but there's a fair amount of boilerplate that OpenSSL provides that we
would have to write for GNUtls. e.g., OpenSSL does certificate
verification implicitly during a handshake; with GNUtls your app has to
have code to explicitly walk through the steps. GNUtls has some kind of
an OpenSSL compatibility wrapper; I never looked into it to see how much
they provide. It's possible that the necessary framework is in that
compatibility wrapper, I don't know offhand.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html