Hi Modestas, On Sat, Feb 12, 2005 at 02:26:10PM +0200, Modestas Vainius wrote: > > You know that the OpenSSL compat layer has nearly identical issues to > > the OpenSSL lib itself? The old patch did not use it because of them. > The only problems I'm aware of are licensing issues. Compat layer is licensed > under GPL, isn't it? Are there any other issues?
I am not a lawyer. I only remember that debian-legal found out that we can't link OpenLDAP against OpenSSL and that the GnuTLS compat layer is also not a solution. Basically I don't think we need a compat layer anyway as tls.c is all in OpenLDAP that knows about TLS (not counting that few hacks in other places) and it does not use much of OpenSSL. Therefore I think the best idea is to just use GnuTLS directly. > Actually, compat layer is quite crappy by itself. I've just taken some ideas > from it. Good. > What direction are you going? Are you rewriting tls.c and other parts of > OpenLDAP code implementing OpenSSL API or try to simulate OpenSSL behavior > (produce compatibility layer)? I've gone the latter way although some > functions are almost impossible to simulate. I am going the first way. I think simulating OpenSSL via GnuTLS creates more problems than it solves. Therefore I am accessing GnuTLS directly. > > Your help is of course very welcome, I'd like to join forces to get this > > up and running. > No problem. I could help. Fine! > > I could move my current working tree to svn.debian.org > > or something if needed. > This would be grate. Done. It is available at svn://svn.debian.org/svn/pkg-openldap/projects/ldap-tls/trunk I can enable write access if you got an alioth account. Greetings Torsten
signature.asc
Description: Digital signature