Hi Clint,

I didn't check the compatibility layer for TLS/SSL stuff, there is no layer
for crypto and hashing. I did a quick hack framework for crypto wrapper
(supporting OpenSSL, WolfSSL and GnuTLS) at http://github.com/9EOR9/mrl.

One main difference between OpenSSL and WolfSSL is that WolfSSL always
expects a CA from the client - if you don't specify one, verification needs to
be skipped/turned off explicitly - I'm also not sure if the compatibility
layer works well for OpenSSL 1.1 (which had a bunch of incompatible API
changes).

The best solution for MariaDB would be a wrapper library which could be
used by both MariaDB Server and Connector/C - however WolfSSL would not fit
for LGPL licensed Connector/C since it's GPL/commercial licensed.

Also the GnuTLS compatibility layer didn't work well, another hack/proof of
concept for Yassl replacement by GnuTLS can be found at
https://github.com/MariaDB/server/tree/10.2-good_bye_yassl.

We are aware of all the Yassl problems (no TLS v.1.2 and 1.3, no session
ticket support, no session renegotiation, missing ciphers, limited block
cipher support, etc.) and are working on it. Connector/C 3.0 already
supports GnuTLS besides OpenSSL, and SChannel for Windows platforms.

/Georg


On Thu, Jan 19, 2017 at 7:23 PM, Clint Byrum <spam...@debian.org> wrote:

> Excerpts from Georg Richter's message of 2017-01-19 19:06:06 +0100:
> > Hi,
> >
> > WolfSSL has another interface (it's not C++ anymore, but C) and can't
> > replace Yassl on the fly. Besides TLS/SSL communication, hash functions
> > and crypto functions also need to be migrated.
> >
>
> That's interesting. WolfSSL also has an OpenSSL compatibility layer,
> could that be used?
>
> https://www.wolfssl.com/wolfSSL/Docs-wolfssl-manual-13-openssl-compatibility.html
>



-- 
Georg Richter, Senior Software Engineer
MariaDB Corporation Ab
