Hayden Roche wrote:
> Hi everyone,

Hi!

Sure, I've used wolfSSL before, I think it would be nice to have it as a first class option. I'm a bit leery of OpenSSL compatibility layers. LibreSSL tends to confuse all version number checks with theirs, so it's better to avoid that mess if possible.

>
> I'm a software engineer with wolfSSL, which is a fast, lightweight, and
> FIPS-certified TLS implementation written in C. wolfSSL offers an OpenSSL
> compatibility layer that presents the same API as OpenSSL, but under the
> hood, calls into wolfSSL and wolfCrypt (our crypto library) functions. One
> of our commercial users recently had us port OpenLDAP to use wolfSSL. With
> some modifications to the OpenSSL backend code (primarily in tls_o.c), I
> was able to get OpenLDAP 2.4.47 building and (to my knowledge) working with
> wolfSSL's OpenSSL compatibility layer. I recently reached out on your IRC
> channel to see if there was any interest in supporting wolfSSL as a TLS
> backend for OpenLDAP upstream and was directed to this mailing list (thanks
> JoBbZ). I was also pointed to this issue in your issue tracking system,
> where a developer (Quanah Gibson-Mount) expressed interest in using
> wolfSSL: https://bugs.openldap.org/show_bug.cgi?id=9303
>
> Is there still interest in getting wolfSSL working with OpenLDAP's latest
> version and integrated upstream? If so, I imagine we'd want to make wolfSSL
> a first class citizen among the TLS backends (i.e. rather than using our
> OpenSSL compatibility layer and modifying tls_o.c, use wolfSSL's native
> functions and create a new tls_w.c). Looking forward to hearing from you.
>
> Thanks!
>
> Hayden Roche
>

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/