On Sat, 2003-01-18 at 11:52, Steve Langasek wrote:
> On Fri, Jan 17, 2003 at 03:05:04PM -0500, Jeff Licquia wrote:
>
> > I suppose it depends on whose resources are being wasted. Certainly the
> > GNU project's resources aren't.
>
> Perhaps not directly. Who knows how many people who would otherwise be
> spending time on GPL software will instead be stuck porting
> free-but-GPL-incompatible software to use GNU TLS? I find that hard to
> justify.

Well, this is the GNU project we're talking about. How much GPL-incompatible software do they distribute?

> > FWIW, porting to the native API didn't turn out to be difficult. If the
> > GNU TLS project doesn't bend on the licensing issue, it might behoove us
> > to write a Porting HOWTO, or some such.
>
> I would appreciate seeing such a document. It seems GPL-compatibility
> with SSL-enabled postgres libs will be an issue soon for me because of
> freeradius.

Once things settle down with CUPS, I might just start writing such a document. Of course, I won't mind if someone beats me to it. :-)

Here's what I've learned so far:

- SSL_library_init() and friends -> gnutls_global_init().
- You have to create a credentials object to hold your credential info (we use X.509, these are our CAs, this is our cert, etc.). This is kind of like a SSL_CTX in OpenSSL, except that it's more loosely coupled. SSL objects are created from SSL_CTX objects, but gnutls_session objects are independent from credentials objects and can, in theory, communicate without them.
- SSL_new() -> gnutls_init()
- SSL_connect() -> gnutls_handshake()
- SSL_read() -> gnutls_record_recv() and SSL_write() -> gnutls_record_send().
- SSL_shutdown() -> gnutls_bye()
- Errors are nicer. gnutls_perror() and gnutls_strerror() do pretty much what you think they'd do.

The documentation on the GNU TLS page seems pretty good. They even include examples of both clients and servers at various sophistication levels.