On Thursday 14 June 2007 21:34, Bernhard Herzog wrote:
> I've committed the first step to migrate the code of libopenvas from
> OpenSSL to GnuTLS. The stream functions in network.c now use GnuTLS
> instead of OpenSSL for ssl/tls transport encapsulation. I've not tested it
> very well, but a simple test program that directly uses
> open_stream_connection, write_stream_connection, read_stream_connection,
> and close_stream_connection to do simple https requests seems to work fine.
thanks a lot for this big step!
> There are some problems that still need to be solved, though:
>
> 1. Use of OpenSSL outside of openvas-libraries
>
> openvas-libraries has some API functions that deal directly with types
> from OpenSSL. These functions are used in the openvas code outside of
> openvas-libraries and the code there also uses OpenSSL directly:
hm, this is not a clean way IMHO.
> openvas-server/openvasd/openvasd.c
>
> Uses OpenSSL directly to create an SSL server socket and uses
> nessus_register_connection to make it usable with the libopenvas
> stream API. This code will not work at the moment.
>
> So far, libopenvas can only create client sockets. Since openvasd
> is the only program using libopenvas with server sockets, it's
> probably not necessary to move the creation of ssl server sockets
> to libopenvas. OTOH, it would be a bit cleaner.
yes, the actual SSL implementation should be encapsulated in
openvas-libraries. openvas-server should not use a type or method
of the actual SSL library at all.
> openvas-plugins/plugins/ssl_ciphers/ssl_ciphers.c: plugin_run
>
> This is the only place where stream_get_ssl is called. The code
> uses the ssl context to gather information about the certificates
> used. The code will still work in the sense that it shouldn't
> crash, it simply will not gather any of the certificate
> information.
This is something that is solved anyway while completing the
migration to GNU/TLS?
> 2. libopenvas still requires openssl
>
> As a result of 1. libopenvas is still compiled with openssl and programs
> linking against libopenvas still also have to link libssl.
> libopenvas-config does not provide the necessary flags for this anymore.
> This is an intermediate problem, though, that will go away once the
> OpenSSL support has been removed completely.
good.
Best
Jan