Re: New OpenLDAP TLS backend? (wolfSSL)

2021-05-20 Thread Hayden Roche
Hi,

Unfortunately, all my time is allocated to other wolfSSL tasks at the
moment, so I won't be able to work on this for 2.6. This will probably be
the case until a customer of ours comes along requesting a port of OpenLDAP
to wolfSSL, as customer demands drive most of our development. If that
changes, I will let you know, though.

Thanks,

Hayden

On Thu, May 20, 2021 at 9:56 AM Quanah Gibson-Mount wrote:

>
>
> --On Thursday, February 25, 2021 1:53 PM -0600 Hayden Roche wrote:
>
> > Quanah and Howard,
> >
> > Thanks for your quick replies! I'm glad to hear there's interest in this.
> > I think 2.6 is a more realistic target, as I'll need to get my boss to
> > allocate time for this work amongst other wolfSSL tasks I've been
> > assigned. Look forward to a merge request in the (hopefully near) future!
>
> The openldap mainline code branch is now open for 2.6 development, so this
> would be a good time for work to start on this item for inclusion.
>
> Regards,
> Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> 
>


Re: New OpenLDAP TLS backend? (wolfSSL)

2021-05-20 Thread Quanah Gibson-Mount




--On Thursday, February 25, 2021 1:53 PM -0600 Hayden Roche wrote:

> Quanah and Howard,
>
> Thanks for your quick replies! I'm glad to hear there's interest in this.
> I think 2.6 is a more realistic target, as I'll need to get my boss to
> allocate time for this work amongst other wolfSSL tasks I've been
> assigned. Look forward to a merge request in the (hopefully near) future!

The openldap mainline code branch is now open for 2.6 development, so this
would be a good time for work to start on this item for inclusion.


Regards,
Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:



Re: New OpenLDAP TLS backend? (wolfSSL)

2021-02-25 Thread Hayden Roche
Quanah and Howard,

Thanks for your quick replies! I'm glad to hear there's interest in this. I
think 2.6 is a more realistic target, as I'll need to get my boss to
allocate time for this work amongst other wolfSSL tasks I've been assigned.
Look forward to a merge request in the (hopefully near) future!

Thanks,

Hayden

On Thu, Feb 25, 2021 at 1:17 PM Quanah Gibson-Mount wrote:

>
>
> --On Thursday, February 25, 2021 12:38 PM -0600 Hayden Roche wrote:
>
> > (thanks JoBbZ). I was also pointed to this
> > issue in your issue tracking system, where a developer (Quanah
> > Gibson-Mount)
>
> Same person. ;)
>
>
> > Is there still interest in getting wolfSSL working with OpenLDAP's latest
> > version and integrated upstream?
>
> OpenLDAP 2.4 is closed to development.  If you want this in for OpenLDAP
> 2.5, you'll need to get the work in ASAP, otherwise it will have to wait
> for 2.6
>
> Generally:
>
> Sign up for an account on our gitlab instance: https://git.openldap.org
>
> Fork a copy of the openldap repo.
>
> Create a branch for ITS9303 and do the work in that branch
>
> Push the branch
>
> Open a merge request for review
>
> Additionally, you'll need to add an IPR statement to ITS#9303 as
> documented at
>
> A link to the MR should also be put into the ITS.
>
> Regards,
> Quanah
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> 
>


Re: New OpenLDAP TLS backend? (wolfSSL)

2021-02-25 Thread Quanah Gibson-Mount




--On Thursday, February 25, 2021 12:38 PM -0600 Hayden Roche wrote:

> (thanks JoBbZ). I was also pointed to this
> issue in your issue tracking system, where a developer (Quanah
> Gibson-Mount)

Same person. ;)

> Is there still interest in getting wolfSSL working with OpenLDAP's latest
> version and integrated upstream?

OpenLDAP 2.4 is closed to development.  If you want this in for OpenLDAP
2.5, you'll need to get the work in ASAP, otherwise it will have to wait
for 2.6


Generally:

Sign up for an account on our gitlab instance: https://git.openldap.org

Fork a copy of the openldap repo.

Create a branch for ITS9303 and do the work in that branch

Push the branch

Open a merge request for review

Additionally, you'll need to add an IPR statement to ITS#9303 as documented
at


A link to the MR should also be put into the ITS.

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:



Re: New OpenLDAP TLS backend? (wolfSSL)

2021-02-25 Thread Howard Chu
Hayden Roche wrote:
> Hi everyone,

Hi!

Sure, I've used wolfSSL before, I think it would be nice to have it as a
first class option. I'm a bit leery of OpenSSL compatibility layers. LibreSSL
tends to confuse all version number checks with theirs, so it's better to
avoid that mess if possible.


> 
> I'm a software engineer with wolfSSL, which is a fast, lightweight, and
> FIPS-certified TLS implementation written in C. wolfSSL offers an OpenSSL
> compatibility layer that presents the same API as OpenSSL, but under the
> hood, calls into wolfSSL and wolfCrypt (our crypto library) functions. One
> of our commercial users recently had us port OpenLDAP to use wolfSSL. With
> some modifications to the OpenSSL backend code (primarily in tls_o.c), I was
> able to get OpenLDAP 2.4.47 building and (to my knowledge) working with
> wolfSSL's OpenSSL compatibility layer. I recently reached out on your IRC
> channel to see if there was any interest in supporting wolfSSL as a TLS
> backend for OpenLDAP upstream and was directed to this mailing list (thanks
> JoBbZ). I was also pointed to this issue in your issue tracking system,
> where a developer (Quanah Gibson-Mount) expressed interest in using wolfSSL:
> https://bugs.openldap.org/show_bug.cgi?id=9303
>
> Is there still interest in getting wolfSSL working with OpenLDAP's latest
> version and integrated upstream? If so, I imagine we'd want to make wolfSSL
> a first class citizen among the TLS backends (i.e. rather than using our
> OpenSSL compatibility layer and modifying tls_o.c, use wolfSSL's native
> functions and create a new tls_w.c). Looking forward to hearing from you.
>
> Thanks!
>
> Hayden Roche


-- 
  -- Howard Chu
  CTO, Symas Corp.   http://www.symas.com
  Director, Highland Sun http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/