Re: GNU TLS OpenSSL compatibility layer under GPL, not LGPL
On Sat, 2003-01-18 at 11:52, Steve Langasek wrote:
> On Fri, Jan 17, 2003 at 03:05:04PM -0500, Jeff Licquia wrote:
> > I suppose it depends on whose resources are being wasted. Certainly the
> > GNU project's resources aren't.
> Perhaps not directly. Who knows how many people who would otherwise be
> spending time on GPL software will instead be stuck porting
> free-but-GPL-incompatible software to use GNU TLS? I find that hard to
Well, this is the GNU project we're talking about. How much
GPL-incompatible software do they distribute?
> > FWIW, porting to the native API didn't turn out to be difficult. If the
> > GNU TLS project doesn't bend on the licensing issue, it might behoove us
> > to write a Porting HOWTO, or some such.
> I would appreciate seeing such a document. It seems GPL-compatibility
> with SSL-enabled postgres libs will be an issue soon for me because of
Once things settle down with CUPS, I might just start writing such a
document. Of course, I won't mind if someone beats me to it. :-)
Here's what I've learned so far:
- SSL_library_init() and friends -> gnutls_global_init().
- You have to create a credentials object to hold your credential info
(we use X.509, these are our CAs, this is our cert, etc.). This is kind
of like an SSL_CTX in OpenSSL, except that it's more loosely coupled.
SSL objects are created from SSL_CTX objects, but gnutls_session objects
are independent from credentials objects and can, in theory, communicate
- SSL_new() -> gnutls_init()
- SSL_connect() -> gnutls_handshake()
- SSL_read() -> gnutls_record_recv() and SSL_write() ->
- SSL_shutdown() -> gnutls_bye()
- Errors are nicer. gnutls_perror() and gnutls_strerror() do pretty
much what you think they'd do.
The documentation on the GNU TLS page seems pretty good. They even
include examples of both clients and servers at various sophistication
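
Added example, not part of the original message or of the GnuTLS project: a small Python audit that lists OpenSSL call sites in C source and suggests the native GnuTLS call from the mapping in the message above. The `SSL_write` target, the `SSL_CTX_*` hint and the sample input are this example's own assumptions.

```python
import re

# Mappings stated in the post (OpenSSL call -> GnuTLS native call).
POST_MAP = {
    "SSL_library_init": "gnutls_global_init", "SSL_new": "gnutls_init",
    "SSL_connect": "gnutls_handshake", "SSL_read": "gnutls_record_recv",
    "SSL_shutdown": "gnutls_bye",
}
# Not from the post: its SSL_write() line is cut off. gnutls_record_send is
# the GnuTLS send call, filled in here as this example's own addition.
ADDED_MAP = {"SSL_write": "gnutls_record_send"}

# Comments and string literals are blanked so calls named in them are ignored.
_STRIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)
_CALL = re.compile(r'\b(SSL_\w+)\s*\(')

def _blank(m):
    # Keep newlines so reported line numbers still match the source file.
    return re.sub(r'[^\n]', ' ', m.group(0))

def audit(source):
    """Return (line, openssl_call, gnutls_hint) for each SSL_* call site."""
    code = _STRIP.sub(_blank, source)
    report = []
    for m in _CALL.finditer(code):
        name = m.group(1)
        line = code.count("\n", 0, m.start()) + 1
        if name in POST_MAP:
            hint = POST_MAP[name]
        elif name in ADDED_MAP:
            hint = ADDED_MAP[name] + " (not from the post)"
        elif name.startswith("SSL_CTX_"):
            hint = "no 1:1 call: move this setup to a credentials object"
        else:
            hint = "unmapped: check the GnuTLS documentation"
        report.append((line, name, hint))
    return report

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
/* old code called SSL_connect(ssl) here */
SSL_library_init();
ctx = SSL_CTX_new(method);
ssl = SSL_new(ctx);
SSL_set_fd(ssl, sock);
if (SSL_connect(ssl) <= 0) log("SSL_read() never ran");
n = SSL_read(ssl, buf, sizeof buf);
SSL_write(ssl, buf, n);
SSL_shutdown(ssl);
'''
```

Calling `audit(SAMPLE)` yields one tuple per call site; pass it the contents of a real C file to get a porting worklist.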