On Sun, Jul 13, 2014 at 12:22:49PM +0200, Jeroen Dekkers wrote:
> > > I think GnuTLS is actually a better alternative and wish there
> > > were more people developing and using it.
[...]
> > * GnuTLS, with an API incompatible with OpenSSL, thus requiring huge
> > amounts of work to make significant use of it.
>
> It depends on how you look at it. If you see the OpenSSL API as
> something that isn't really well designed then other libraries not
> copying the API is actually a good thing.

The problem is that OpenSSL is much more than just an implementation of
SSL/TLS. It also provides a very extensive set of low-level
cryptographic functions. There are many programs that use OpenSSL for
the latter, not for the SSL/TLS layer. You just cannot drop in GnuTLS,
MatrixSSL or PolarSSL for those.

Some of the alternatives to OpenSSL come with the essential
cryptographic primitives to support SSL/TLS built-in, others rely on
external libraries to do that. For example, GnuTLS currently depends on
Nettle.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@debian.org>