Hi Modestas,

On Sat, Feb 12, 2005 at 02:26:10PM +0200, Modestas Vainius wrote:
> > You know that the OpenSSL compat layer has nearly identical issues to
> > the OpenSSL lib itself? The old patch did not use it because of them.
> The only problems I'm aware of are licensing issues. Compat layer is licensed
> under GPL, isn't it? Are there any other issues?
I am not a lawyer. I only remember that debian-legal found out that we
can't link OpenLDAP against OpenSSL and that the GnuTLS compat layer is
also not a solution.
Basically I don't think we need a compat layer anyway as tls.c is all in
OpenLDAP that knows about TLS (not counting those few hacks in other
places) and it does not use much of OpenSSL. Therefore I think the best
idea is to just use GnuTLS directly.
> Actually, compat layer is quite crappy by itself. I've just taken some ideas
> from it.
Good.
> What direction are you going? Are you rewriting tls.c and other parts of
> OpenLDAP code implementing OpenSSL API or try to simulate OpenSSL behavior
> (produce compatibility layer)? I've gone the latter way although some
> functions are almost impossible to simulate.
I am going the first way. I think simulating OpenSSL via GnuTLS creates
more problems than it solves. Therefore I am accessing GnuTLS directly.
> > Your help is of course very welcome, I'd like to join forces to get this
> > up and running.
> No problem. I could help.
Fine!
> > I could move my current working tree to svn.debian.org
> > or something if needed.
> This would be great.
Done. It is available at
svn://svn.debian.org/svn/pkg-openldap/projects/ldap-tls/trunk
I can enable write access if you got an alioth account.
Greetings
Torsten

