[Openvas-devel] Start: replacing OpenSSL by GNU/TLS

Jan-Oliver Wagner jan-oliver.wagner at intevation.de
Wed Mar 28 10:00:27 CEST 2007

On Monday 26 March 2007 16:48, Tim Brown wrote:
> On Monday 26 March 2007 15:26, Daniel Cabezas wrote:
> > Don´t want to talk much about an issue which I don´t know well, but why
> > aren´t other alternatives studied? I mean, like matrixssl. That stub of
> > wrapper functions could make any underlying ssl engine work, and the binary
> > deployment responsible would be able to choose which library to link
> > openvas against.
> This is a fair point, although the counter would be, that we don't want to end 
> up support 1001 different SSL implementations and openssl and gnu/tls are the 
> most well known and widely deployed so far.
> I vote we do a stub with support for OpenSSL and GNU/TLS and let folk who want 
> to use something else (Win32 SSLs etc worry about that for themselves).  Note 
> I also think the stub should map to GNU/TLS and that we figure out the APIs 
> required for OpenSSL to be made to behave in the same manner.

implementing a stub might mean quite some efford. The compatibility layer of GNU/TLS
shows that there is quite a limit in doing so.

What I regard doable is to keep it possible to compile with OpenSSL with explizit configuration.
But: Is there a realisitic chance that eventually it is legal to link and distribute them?
(I.e. is it worth doing so?)
I might be interesting to evaluate if others did this effort already...

The Win32 guys have no problem. GNU/TLS works for them.
Apart from that: Some time ago we discussed that Win32 will not be supported
by OpenVAS (reducing code complexity). Is this still a agreed position?

> MatrixSSL looks interesting, but may cause issues for any commercial users of 
> the future OpenVAS:
> "Basically, the dual license means that you can use the library for free as 
> long as you make public all code that links with it or otherwise uses the 
> library. In addition, any changes made to the library must also be made 
> public. If the application source code using MatrixSSL is to remain 
> proprietary, a commercial license can be purchased from PeerSec Networks, the 
> authors of MatrixSSL.".

Not really an issue. Proprietary use of OpenVAS is prohibited anyway through GNU GPL.


Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

More information about the Openvas-devel mailing list