On Mon, 2007-10-22 at 14:47 +0100, Richard W.M. Jones wrote: > Bernardo Innocenti wrote: > > I remember this topic being discussed some time ago, > > but software is fluid and maybe it's time to respin > > the topic. > > > > It would seem a worthwhile goal to unify SSL/TLS > > implementations like we did for spell checkers. > > Or, if it turns out to be too hard, at least it would > > be nice to their pki files. > > I've asked whether we have a standard layout for /etc/pki before, but no > one seems to know. > > > We're now shipping no less than 4 different implementations > > of SSL: > > > > - openssl (OpenBSD's implementation) > > - nss (Netscape's implementation) > > - gnutls (LGPL implementation) > > - puretls (Java implementation) > > Make that at least five - ocaml-ocamlnet has a pure-OCaml SSL impl. I'm > sure Perl & Python probably have their own too. > > > But which one should replace the others? > > When we implemented encryption in libvirt, we chose gnutls because it > has excellent examples which allow you to actually write code to use it > in a short period of time. The others have (or we perceived them to > have) hideous, confusing or undocumented APIs. While I'm currently grumpy at gnutls (on debian actually, which is running 2.0), I do agree it's API and read/write callbacks make integrating into an existing event system very nice. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list