On Fri, May 17, 2019 at 02:13:46PM +0200, Harald Dunkel wrote:
> Hi Gilles,
> 

Hi,

> I understand that ssl support is a highly complex issue, making it
> necessary to focus and to get rid of the cruft.
> 
> It would be a pity if opensmtpd becomes "OpenBSD-only", though.
> 

I agree and being the one in charge of portable OpenSMTPD these days you
can trust me that I'm highly annoyed by this situation because I wish we
were available to everyone.

I should clarify something:

I didn't wake up in a mood to kill OpenSSL support in OpenSMTPD. I built
OpenSMTPD on a range of machines and realized that, again, I had made no
change to the TLS layer but the build was broken on half the machines. I did
not remove the support, it removed itself when a new version came and it
broke existing code. After spending two days trying to unbreak things, I
decided to put a stop to this madness and remove all of OpenSSL-specific
kludge, ifdefs and autoconf pieces. If OpenSSL can be made to work so we
don't have to keep adding conditional tests here and there, I'll be more
than happy; in the meanwhile I'm not taking the extra load of work.

LibreSSL can be built on machines with OpenSSL and coexist, I've done it
on several systems (FreeBSD and various Linux distros) so my take now is
that there's no reason not to package it as an alternative and OpenSMTPD
can depend on it. There's no good reason not to support both...

To finish, I had someone tell me in private that he did not want to rely
on LibreSSL because he didn't trust it... some of the commits to our TLS
layer were actually done or suggested by the LibreSSL folks. We have the
same code standards, to trust us but not LibreSSL is really absurd :-)

-- 
Gilles Chehade                                                 @poolpOrg

https://www.poolp.org                 tip me: https://paypal.me/poolpOrg
