
On Mon, 2007-10-22 at 14:47 +0100, Richard W.M. Jones wrote:
Bernardo Innocenti wrote:
I remember this topic being discussed some time ago, but software is fluid and maybe it's time to respin the topic.
It would seem a worthwhile goal to unify SSL/TLS implementations like we did for spell checkers. Or, if it turns out to be too hard, at least it would be nice to their pki files.
I've asked whether we have a standard layout for /etc/pki before, but no one seems to know.
We're now shipping no less than 4 different implementations of SSL:
- openssl (OpenBSD's implementation) - nss (Netscape's implementation) - gnutls (LGPL implementation) - puretls (Java implementation)
Make that at least five - ocaml-ocamlnet has a pure-OCaml SSL impl. I'm sure Perl & Python probably have their own too.
But which one should replace the others?
When we implemented encryption in libvirt, we chose gnutls because it has excellent examples which allow you to actually write code to use it in a short period of time. The others have (or we perceived them to have) hideous, confusing or undocumented APIs.
While I'm currently grumpy at gnutls (on debian actually, which is running 2.0), I do agree it's API and read/write callbacks make integrating into an existing event system very nice. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com