On Sat, Oct 04, 2014 at 07:15:08 +0200, Max Kellermann wrote: > One more thing: I would prefer OpenSSL over GnuTLS any day. A few > years ago, I had to switch a (daytime) project from GnuTLS to OpenSSL > because GnuTLS was too bad.
This is what I was looking for; I don't know when I'll get the chance to work on it, but I thought I'd ask before starting any work on it. > However: OpenSSL's license is not compatible with MPD's. While > writing the code would be legal, and it would be legal for users to > use MPD that way, distributions would be disallowed to publish MPD > binaries linked with OpenSSL. Bleh. Only Debian really does this though, right? I think Red Hat and Fedora both say that OpenSSL is part of the system and that's that (similar to how the Microsoft C Runtime is "compatible"). Not sure what other "major" binary distros say. > I have no experience with other TLS libraries. But maybe TLS isn't > the right choice due to its untamable complexity? Is there a modern > (and secure) alternative that is lightweight and easy to do right? SSH + socat I guess ;) . Less "modern" I suppose, but probably more secure than trusting arbitrary CA entities (with DNSSEC and SSHFP entries in DNS at least). --Ben _______________________________________________ mpd-devel mailing list [email protected] http://mailman.blarg.de/listinfo/mpd-devel
