On Fri, 2012-01-06 at 01:39 +0100, Andreas Oberritter wrote: > On 05.01.2012 22:30, Andrei Gherzan wrote: > > From: Andrei Gherzan <[email protected]> > > > > CONFIG_GNUTLS_EXTRA is needed as support for TLS/IA which was designed to > > be used > > in the EAP-TTLSv1. As we don't see any requirement for that protocol today > > we decided > > to remove it from wpa-supplicant .config file. > > With this option removed, is there any reason to prefer GnuTLS over > OpenSSL? OpenSSL is wpa-supplicant's default, and at least Ubuntu uses > OpenSSL with it, too. I guess it's tested more thoroughly than GnuTLS.
OpenSSL's license can be a nuisance at times because it is incompatible with the GPL. In the particular case of wpa-supplicant it doesn't present a massive problem since wpa-supplicant itself is dual-licensed and you can just ship the binaries under the BSD license instead. However: a) you might want to modify wpa-supplicant by linking it with GPL code, which would require the resulting binary to also be distributed under the GPL (and hence prohibit the use of openssl); or b) you might already be using GnuTLS elsewhere on the system (e.g. for other programs which are GPL-only or simply don't include support for OpenSSL at a technical level). In this case you probably want to link wpa-supplicant with GnuTLS as well so as to avoid shipping more SSL libraries than necessary. So, ideally, I think the choice as to whether OpenSSL or GnuTLS is preferred should be a DISTRO_FEATURE, and/or a PACKAGECONFIG option for wpa-supplicant. p. _______________________________________________ Openembedded-core mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-core
