[Openvas-devel] Start: replacing OpenSSL by GNU/TLS
jan-oliver.wagner at intevation.de
Wed Mar 28 10:00:27 CEST 2007
On Monday 26 March 2007 16:48, Tim Brown wrote:
> On Monday 26 March 2007 15:26, Daniel Cabezas wrote:
> > Don´t want to talk much about an issue which I don´t know well, but why
> > aren´t other alternatives studied? I mean, like matrixssl. That stub of
> > wrapper functions could make any underlying ssl engine work, and the binary
> > deployment responsible would be able to choose which library to link
> > openvas against.
> This is a fair point, although the counter would be, that we don't want to end
> up support 1001 different SSL implementations and openssl and gnu/tls are the
> most well known and widely deployed so far.
> I vote we do a stub with support for OpenSSL and GNU/TLS and let folk who want
> to use something else (Win32 SSLs etc worry about that for themselves). Note
> I also think the stub should map to GNU/TLS and that we figure out the APIs
> required for OpenSSL to be made to behave in the same manner.
implementing a stub might mean quite some efford. The compatibility layer of GNU/TLS
shows that there is quite a limit in doing so.
What I regard doable is to keep it possible to compile with OpenSSL with explizit configuration.
But: Is there a realisitic chance that eventually it is legal to link and distribute them?
(I.e. is it worth doing so?)
I might be interesting to evaluate if others did this effort already...
The Win32 guys have no problem. GNU/TLS works for them.
Apart from that: Some time ago we discussed that Win32 will not be supported
by OpenVAS (reducing code complexity). Is this still a agreed position?
> MatrixSSL looks interesting, but may cause issues for any commercial users of
> the future OpenVAS:
> "Basically, the dual license means that you can use the library for free as
> long as you make public all code that links with it or otherwise uses the
> library. In addition, any changes made to the library must also be made
> public. If the application source code using MatrixSSL is to remain
> proprietary, a commercial license can be purchased from PeerSec Networks, the
> authors of MatrixSSL.".
Not really an issue. Proprietary use of OpenVAS is prohibited anyway through GNU GPL.
Dr. Jan-Oliver Wagner Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
More information about the Openvas-devel