Re: Is OpenSSL Production Ready?

2002-04-08 Thread Mark H. Wood

On Sat, 6 Apr 2002, Jeffrey Altman wrote:
 There is an answer to this of course.  It is do not link against
 OpenSSL but instead load the libraries and functions manually as
 OpenSSL does with the DSO interface.  Then the two programs are
 separate with separate licenses.

Thank you! I hadn't thought of that, and it sounds like fun too.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.

__
OpenSSL Project http://www.openssl.org
User Support Mailing List    [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: Is OpenSSL Production Ready?

2002-04-08 Thread Chris Cleeland

On Mon, 8 Apr 2002, Mark H. Wood wrote:

 On Sat, 6 Apr 2002, Jeffrey Altman wrote:
  There is an answer to this of course.  It is do not link against
  OpenSSL but instead load the libraries and functions manually as
  OpenSSL does with the DSO interface.  Then the two programs are
  separate with separate licenses.

 Thank you! I hadn't thought of that, and it sounds like fun too.

Sounds like this would be a great facility to stick into a contrib
directory...call it glen--Gnu Linkage ENabler?

-- 
  Chris Cleeland, cleeland_c @ ociweb.com, http://www.milodesigns.com/~chris
 Principal Software Engineer, Object Computing, Inc., +1 314 579 0066
  Support Me Supporting Cancer Survivors in Ride for the Roses 2002
Donate at http://www.milodesigns.com/donate




Re: Is OpenSSL Production Ready?

2002-04-06 Thread Jeffrey Altman

 On Fri, Apr 05, 2002 at 08:15:04AM -0500, Mark H. Wood wrote:
  On Thu, 4 Apr 2002, Lutz Jaenicke wrote:
   To be precise: according to the OpenSSL license every program that uses
   the library and advertises its SSL capabilities also must advertise the
   use of OpenSSL.
  
  Actually this is a problem -- it means you can't link OpenSSL libraries
  with any GPLed code which you intend to distribute.  I'm facing the
  necessity of having to use the not-quite-ready-for-prime-time GNUtls
  package instead of OpenSSL for a project I'm contemplating, because it
  builds on an application licensed under the GPL.  (And I have no idea how
  hard it's going to be to get *both* compatibly installed on one box.)
  
  IIRC the Ethereal folk have also run up against this problem.
  
  I'm not asking for anything at this time; I just wanted to provide a
  couple of data points.
 
 Besides the OpenSSL license itself large parts of the code were written
 by EAY and his license still applies without any option of the OpenSSL
 team to influence it as long as EAY does not change his license.
 The OpenSSL team members are aware of this problem but there is not much
 we can do for the reason stated above.
 
 Best regards,
   Lutz

There is an answer to this of course.  It is do not link against 
OpenSSL but instead load the libraries and functions manually as 
OpenSSL does with the DSO interface.  Then the two programs are 
separate with separate licenses.  



 Jeffrey Altman * Sr.Software Designer  C-Kermit 8.0 available now!!!
 The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
 http://www.kermit-project.org/ secured with Kerberos, SRP, and 
 [EMAIL PROTECTED]                          OpenSSL. Interfaces with OpenSSH



Re: Is OpenSSL Production Ready?

2002-04-06 Thread Jeffrey Altman

Richard wrote:
 brian Does anyone actually use OpenSSL for a production, business
 brian operation? 
 
 There are many programs out there that use OpenSSL.  A popular one that
 I use myself is the Opera browser.
 
 brian We're having a heck of a time with the FAQ-documented Page
 brian Could Not Load / DNS Error page failures with IE browsers,
 brian even after applying the fixes recommended in the FAQ.
 
 DNS Error hardly sounds like something SSL-related...

Richard:

The famous DNS Error or Server not found error message from IE is
used whenever there is a failure to connect to a host.  This includes
such things as CRL location not specified in certificate errors when
CRL verification is turned on.  There are any number of reasons why
this message may be generated.

- Jeff




 Jeffrey Altman * Sr.Software Designer  C-Kermit 8.0 available now!!!
 The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
 http://www.kermit-project.org/ secured with Kerberos, SRP, and 
 [EMAIL PROTECTED]                          OpenSSL. Interfaces with OpenSSH



RE: Re: Is OpenSSL Production Ready?

2002-04-06 Thread Michael Kobar

Thanks Lutz, I just thought a page listing commercial usage (and products) on the 
website might be helpful.  We love to brag about our OpenSSL usage!

Mike

On Thu, Apr 04, 2002 at 22:28:47PM +0200, Lutz Jaenicke wrote:
 On Thu, Apr 04, 2002 at 01:31:59PM -0500, Michael Kobar wrote:
  Perhaps OpenSSL.org should accept and post commercial 
  product names and/or start a voluntary OpenSSL Inside 
  type branding program (like the powered by Apache 
  logo).

 To be precise: according to the OpenSSL license every 
 program that uses the library and advertises its SSL 
 capabilities also must advertise the use of OpenSSL.
 
 Then there is the logo in doc/openssl_button.gif :-)
 


Michael Kobar   [EMAIL PROTECTED]
Software Engineer   860.434.4018
Lymeware Corporation   801.383.9021 fax
www.lymeware.com




Re: Re: Is OpenSSL Production Ready?

2002-04-06 Thread Michael Kobar

Fine. Then let's just call it Powered by OpenSSL and at least let the Apache Group 
sue us.  But seriously, I do think that some form of branding would be useful.  I 
find it very useful to both promote OpenSSL to potential users/customers and to be 
able to show that it is widely used in both commercial and open source projects around 
the world.

Just my 2 cents,

Mike

--- Mark H. Wood [EMAIL PROTECTED] wrote:
 
 On Thu, 4 Apr 2002, Michael Kobar wrote:
 [snip]
  Perhaps OpenSSL.org should accept and post
  commercial product names and/or start a voluntary 
  OpenSSL Inside type branding program (like
  the powered by Apache logo).
 
 Watch out for that xxx Inside.  I hear that Intel
 is suing some nonprofit for daring to call themselves 
 Yoga Inside, on the (ludicrous IMHO) grounds that 
 that name harms their trademark.
 
 -- 
 Mark H. Wood, Lead System Programmer  
 [EMAIL PROTECTED] MS Windows *is* user-friendly, but only for certain
 values of user.
 


Michael Kobar   [EMAIL PROTECTED]
Software Engineer   860.434.4018
Lymeware Corporation   801.383.9021 fax
www.lymeware.com




Re: Is OpenSSL Production Ready?

2002-04-05 Thread Mark H. Wood

On Thu, 4 Apr 2002, Michael Kobar wrote:
[snip]
 Perhaps OpenSSL.org should accept and post commercial product names
 and/or start a voluntary OpenSSL Inside type branding program (like
 the powered by Apache logo).

Watch out for that xxx Inside.  I hear that Intel is suing some
nonprofit for daring to call themselves Yoga Inside, on the (ludicrous
IMHO) grounds that that name harms their trademark.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.




Re: Is OpenSSL Production Ready?

2002-04-05 Thread Mark H. Wood

On Thu, 4 Apr 2002, Lutz Jaenicke wrote:
 To be precise: according to the OpenSSL license every program that uses
 the library and advertises its SSL capabilities also must advertise the
 use of OpenSSL.

Actually this is a problem -- it means you can't link OpenSSL libraries
with any GPLed code which you intend to distribute.  I'm facing the
necessity of having to use the not-quite-ready-for-prime-time GNUtls
package instead of OpenSSL for a project I'm contemplating, because it
builds on an application licensed under the GPL.  (And I have no idea how
hard it's going to be to get *both* compatibly installed on one box.)

IIRC the Ethereal folk have also run up against this problem.

I'm not asking for anything at this time; I just wanted to provide a
couple of data points.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.




Re: Is OpenSSL Production Ready?

2002-04-05 Thread Lutz Jaenicke

On Fri, Apr 05, 2002 at 08:15:04AM -0500, Mark H. Wood wrote:
 On Thu, 4 Apr 2002, Lutz Jaenicke wrote:
  To be precise: according to the OpenSSL license every program that uses
  the library and advertises its SSL capabilities also must advertise the
  use of OpenSSL.
 
 Actually this is a problem -- it means you can't link OpenSSL libraries
 with any GPLed code which you intend to distribute.  I'm facing the
 necessity of having to use the not-quite-ready-for-prime-time GNUtls
 package instead of OpenSSL for a project I'm contemplating, because it
 builds on an application licensed under the GPL.  (And I have no idea how
 hard it's going to be to get *both* compatibly installed on one box.)
 
 IIRC the Ethereal folk have also run up against this problem.
 
 I'm not asking for anything at this time; I just wanted to provide a
 couple of data points.

Besides the OpenSSL license itself large parts of the code were written
by EAY and his license still applies without any option of the OpenSSL
team to influence it as long as EAY does not change his license.
The OpenSSL team members are aware of this problem but there is not much
we can do for the reason stated above.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus



Re: Is OpenSSL Production Ready?

2002-04-04 Thread Robert Joop

On 02-04-03 23:04:29 CEST, Harald Koch wrote:
 dbm: style session caching does not work *WITH CLIENT CERTIFICATES*. The
 client certificate is mangled when it is loaded from the cached
 session.

it works for me.
i've got a web server
Server: Apache/1.3.17 (Unix) mod_jk mod_ssl/2.8.0 OpenSSL/0.9.6
that requires client certificates and it uses
SSLSessionCache dbm:/usr/local/apache-1.3.17/logs/ssl_scache
and i can navigate around for as long as the SSLSessionCacheTimeout
allows.

but i remember that i had to compile it myself and had to use
--enable-rule=SSL_SDBM because of the standard dbm implementation's
limitation.

rj



Re: Is OpenSSL Production Ready?

2002-04-04 Thread Michael Kobar

--- Brian Panulla [EMAIL PROTECTED] wrote:
 Does anyone actually use OpenSSL for a production,
 business operation? 

Yes we do.  We have several commercial products which use OpenSSL for SSL, RSA key and 
X.509 certificate generation and encryption.  We have been using it since SSLeay days 
and have seen significant improvement under the management of the OpenSSL Development 
team, and the huge traffic on the mailing lists.

We have used Consensus SSLplus, RSA BSAFE, and Baltimore KeyTools and have found 
OpenSSL no harder to use.  The one facet of OpenSSL which is both the best and worst 
of worlds is the availability of multiple levels of APIs.  Yea, open source.  It is a 
lot to swallow, especially for a beginner crypto programmer.

And we are not the only ones.  Stronghold is the famous commercial product using both 
Apache and OpenSSL.

Perhaps OpenSSL.org should accept and post commercial product names and/or start a 
voluntary OpenSSL Inside type branding program (like the powered by Apache logo).

Mike


Michael Kobar   [EMAIL PROTECTED]
Software Engineer   860.434.4018
Lymeware Corporation   801.383.9021 fax
www.lymeware.com
