Tom Lane wrote:

What basically bothers me about this is that trying to support both the
OpenSSL and GNUTLS APIs is going to be an enormous investment of
development and maintenance effort, because it's such a nontrivial thing

Fascinating thread for the holidays. I found it interesting that nobody has mentioned NSS (former Netscape SSL library). It has its own bag of problems of course, but for me is potentially more attractive than GNU TLS. E.g. it has FIPS-140 certification and is actively under development by a software company with significant resources. It's also very widely deployed. I'm not saying that OpenSSL is bad (it'd probably be my first choice), just that there is another option besides GNU TLS.

BTW, if I may throw more gas on the licence debate flames -- the OpenLDAP client library depends on OpenSSL, and almost everything depends on OpenLDAP (e.g. PAM, SASL, any LDAP-enabled app). In 2003 Steven Frost submitted patches to the OL code to add GNU TLS support, but as far as I can tell that code is still not in the current OpenLDAP tree. Perhaps Steven could tell us what happened to that effort.







