Hi,

On Fri, Oct 3, 2014 at 11:05 PM, Ben Boeckel <[email protected]> wrote:

> Has anyone tried communicating to the mpd server over SSL/TLS? Would
> patches to do so be accepted? If so, is there a library preference
> (OpenSSL, GnuTLS, etc.)?
>

I am neither for nor against the idea of adding direct TLS wrapping support into the MPD codebase; however, you might want to know that the program stunnel (https://www.stunnel.org/docs.html) can already do this.

The advantages of stunnel are the following:

1. No code changes are needed to mpd, which means that mpd's codebase will be simpler and have fewer lines of code to maintain.

2. You can implement this on your own, whether you're running Windows, Mac, Linux, or something else (as long as both stunnel and mpd compile, which they should, since both are fairly portable). It takes about 5 minutes to set it up if you know what you're doing.

3. Crypto code can be a little challenging to get right such that there are no security holes -- configuring OpenSSL or GnuTLS to use the right ciphers, Perfect Forward Secrecy, certificate verification, etc. With stunnel, the entire encryption envelope is handled outside of the mpd codebase, so there's no chance that we could do it in a way that allows unintended MITM or similar to occur. Instead, you rely on the well-tested and mature stunnel codebase.

4. The performance impact of the indirection between stunnel and mpd is quite low on modern UNIX-alike systems, since UNIX domain sockets and localhost IP packets are routed quite efficiently through the system. Certainly with the volume of requests you could expect over the MPD client-server protocol, performance should not be an issue except on the smallest of embedded systems.

I have absolutely no intention of dissuading you from wanting to contribute 'native' SSL/TLS support to mpd, but if you were not aware of the above solution and it satisfies your use case, you might not have any motivation to contribute your code once you get it working with stunnel. In that case, I can consider myself to have saved you a few minutes of time, and am happy to have done so.

If you still want to offer to contribute code, that's great! You can ask Max to set up a git account for you and go to town.

HTH,

Sean

>
> Thanks,
>
> --Ben
> _______________________________________________
> mpd-devel mailing list
> [email protected]
> http://mailman.blarg.de/listinfo/mpd-devel
>
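A stunnel setup of the kind described in the message above, as an added example that is not part of the original thread or of the mpd project. The file paths, the hostname mpd.example.org and the TLS port 6601 are assumptions; 6600 is mpd's default port.

```ini
; ===== On the mpd host: stunnel server configuration =====
; (file path such as /etc/stunnel/mpd-server.conf is an assumption)
;
; mpd itself should listen on loopback only, for example with
;   bind_to_address "localhost"
; in mpd.conf, so the plaintext port is never reachable from the network.

[mpd-tls]
; TLS listener exposed to remote clients (6601 is an assumed choice)
accept = 0.0.0.0:6601
; decrypted traffic is handed to mpd on its plaintext loopback port
connect = 127.0.0.1:6600
; server certificate and private key (assumed paths)
cert = /etc/stunnel/mpd.pem
key = /etc/stunnel/mpd.key
; refuse legacy protocol versions (needs a recent stunnel/OpenSSL build)
sslVersionMin = TLSv1.2

; ===== On each client machine: stunnel client configuration =====
; (a separate file on a separate host; shown in the same block for brevity)

[mpd-tls]
client = yes
; local plaintext endpoint that unmodified mpd clients connect to
accept = 127.0.0.1:6600
; the TLS listener defined in the server section above
connect = mpd.example.org:6601
; Without the three options below stunnel encrypts but does not
; authenticate the server, which leaves the MITM risk from point 3 open.
CAfile = /etc/stunnel/mpd-ca.pem
verifyChain = yes
checkHost = mpd.example.org
```

With both sides running, an existing client pointed at 127.0.0.1:6600 on the client machine talks to the remote mpd without any change to either program.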
