On Mon, Feb 12, 2018 at 09:27:16AM -0600, ed...@pettijohn-web.com wrote:
> Has there been any discussion of packaging libtls separately from libressl
> for portable use? With my limited skills I was able to write a program to
> talk to smtpd and starttls using nothing but the manuals. I seriously doubt I
> could have done so with the gnu tls library. This really shows how well it is
> written as far as the code involved, but also the quality of the manuals. I
> only had one hiccup and if I can think of a way to word it better I'll send a
> patch for that manual.
>
> Thanks,
>
> Edgar
Hi Edgar,

I had a working version a couple of years ago against OpenSSL. There were a few challenges even with a closely-related library:

1. libtls can and does rely on LibreSSL-specific features in the core library, e.g. for privilege separation. These would either need to be ported into OpenSSL or a compatibility interface provided in addition to the libtls interface.

2. Which version of the OpenSSL API / ABI to support? Now that OpenSSL is incompatible between 1.1 and 1.0, even more workarounds may be needed.

3. The libtls API is usually defined in terms of the LibreSSL version it ships with, and changed somewhat quickly. Would libtls-standalone be shipped as part of the target library? How would we sync API / ABI changes between them?

You could probably port libtls to have a gnutls backend, though you may have to implement more lower-level changes in gnutls as well to support some of the features. The longer-term support, release, and fragmentation issues also remain.