
Re: GNU TLS OpenSSL compatibility layer under GPL, not LGPL



On Sat, 2003-01-18 at 11:52, Steve Langasek wrote:
> On Fri, Jan 17, 2003 at 03:05:04PM -0500, Jeff Licquia wrote:
> 
> > I suppose it depends on whose resources are being wasted.  Certainly the
> > GNU project's resources aren't.
> 
> Perhaps not directly.  Who knows how many people who would otherwise be
> spending time on GPL software will instead be stuck porting
> free-but-GPL-incompatible software to use GNU TLS?  I find that hard to
> justify.

Well, this is the GNU project we're talking about.  How much
GPL-incompatible software do they distribute?

> > FWIW, porting to the native API didn't turn out to be difficult.  If the
> > GNU TLS project doesn't bend on the licensing issue, it might behoove us
> > to write a Porting HOWTO, or some such.
> 
> I would appreciate seeing such a document.  It seems GPL-compatibility
> with SSL-enabled postgres libs will be an issue soon for me because of
> freeradius.

Once things settle down with CUPS, I might just start writing such a
document.  Of course, I won't mind if someone beats me to it. :-)

Here's what I've learned so far:

 - SSL_library_init() and friends -> gnutls_global_init().

 - You have to create a credentials object to hold your credential info
(we use X.509, these are our CAs, this is our cert, etc.).  This is kind
of like an SSL_CTX in OpenSSL, except that it's more loosely coupled.
SSL objects are created from SSL_CTX objects, but gnutls_session objects
are independent from credentials objects and can, in theory, communicate
without them.

 - SSL_new() -> gnutls_init()

 - SSL_connect() -> gnutls_handshake()

 - SSL_read() -> gnutls_record_recv() and SSL_write() ->
gnutls_record_send().

 - SSL_shutdown() -> gnutls_bye()

 - Errors are nicer.  gnutls_perror() and gnutls_strerror() do pretty
much what you think they'd do.

The documentation on the GNU TLS page seems pretty good.  They even
include examples of both clients and servers at various sophistication
levels.


