On Mon, Feb 12, 2018 at 09:27:16AM -0600, ed...@pettijohn-web.com wrote:
> Has there been any discussion of packaging libtls separately from libressl 
> for portable use? With my limited skills I was able to write a program to 
> talk to smtpd and starttls using nothing but the manuals. I seriously doubt I 
> could have done so with the gnu tls library. This really shows how well it is 
> written as far as the code involved, but also the quality of the manuals. I 
> only had one hiccup and if I can think of a way to word it better I'll send a 
> patch for that manual.
>
> Thanks,
>
> Edgar

Hi Edgar,

  I had a working version a couple of years ago against OpenSSL. There
  were a few challenges even with a closely-related library:

    1. libtls can and does rely on LibreSSL-specific features in the
       core library, e.g. for privilege separation. These would either
       need to be ported into OpenSSL or a compatibility interface
       provided in addition to the libtls interface.

    2. Which version of the OpenSSL API / ABI to support? Now that
       OpenSSL is incompatible between 1.1 and 1.0, even more
       workarounds may be needed.

    3. The libtls API is usually defined in terms of the LibreSSL
       version it ships with, and changed somewhat quickly.
       Would libtls-standalone be shipped as part of the target library?
       How would we sync API / ABI changes between them?

You could probably port libtls to have a gnutls backend, though you may
have to implement more lower-level changes in gnutls as well to support
some of the features. The longer-term support, release, and
fragmentation issues also remain.
