[Pkg-openldap-devel] GnuTLS and OpenLDAP
Steve Langasek
vorlon at debian.org
Sat Jan 28 00:55:46 UTC 2006
On Fri, Jan 27, 2006 at 04:31:51PM -0800, Quanah Gibson-Mount wrote:
> I discussed the 2.1 GnuTLS patch against OL with one of their primary
> developers today, who looked at putting in support for GnuTLS to OpenLDAP
> as a client request for the company he works for. He had the following
> observations/comments (This is snipped from an IM conversation, so ignore
> the formatting. :P ):
> the interface to liblber / sockbufs was poor, there was no support for SASL
> EXTERNAL, some other problems
> It looks to me like the GNUtls API has grown a bit since that patch was
> submitted, and the missing features could be written a bit more cleanly
> today.
> but there's a fair amount of boilerplate that OpenSSL provides that we
> would have to write for GNUtls. e.g., OpenSSL does certificate
> verification implicitly during a handshake; with GNUtls your app has to
> have code to explicitly walk through the steps. GNUtls has some kind of
> an OpenSSL compatibility wrapper; I never looked into it to see how much
> they provide. it's possible that the necessary framework is in that
> compatibility wrapper, I don't know offhand.
The problem is that the OpenSSL compatibility wrapper is licensed under the
GPL, not the LGPL, giving us a mirror image of the previous licensing
problems...
--
Steve Langasek
Debian Developer
vorlon at debian.org
Give me a lever long enough and a Free OS to set it on, and I can move the world.
http://www.debian.org/