On Mon, Feb 12, 2018 at 09:27:16AM -0600, [email protected] wrote:
> Has there been any discussion of packaging libtls separately from libressl
> for portable use? With my limited skills I was able to write a program to
> talk to smtpd and starttls using nothing but the manuals. I seriously doubt I
> could have done so with the gnu tls library. This really shows how well it is
> written as far as the code involved, but also the quality of the manuals. I
> only had one hiccup and if I can think of a way to word it better I'll send a
> patch for that manual.
>
> Thanks,
>
> Edgar
Hi Edgar,
I had a working version a couple of years ago against OpenSSL. There
were a few challenges even with a closely-related library:
1. libtls can and does rely on LibreSSL-specific features in the
core library, e.g. for privilege separation. These would either
need to be ported into OpenSSL or a compatibility interface
provided in addition to the libtls interface.
2. Which version of the OpenSSL API / ABI to support? Now that
OpenSSL is incompatible between 1.1 and 1.0, even more
workarounds may be needed.
3. The libtls API is usually defined in terms of the LibreSSL
version it ships with, and changed somewhat quickly.
Would libtls-standalone be shipped as part of the target library?
How would we sync API / ABI changes between them?
You could probably port libtls to have a gnutls backend, though you may
have to implement more lower-level changes in gnutls as well to support
some of the features. The longer-term support, release, and
fragmentation issues also remain.