On Thu, 2013-09-12 at 16:51 -0400, Daniel Kahn Gillmor wrote:
> On 09/12/2013 04:40 PM, Simo wrote:
> > On Thu, 2013-09-12 at 15:13 +0100, ke...@sd-kvm.me4.it wrote:
> >> Gnutls may be usable as an alternative to Openssl.
> >> It's already in Debian, new to me.
> >
> > What's wrong with OpenSSL that GNUTLS gets right?
>
> * Licensing that is not deliberately incompatible with the GPL.

Well, the licensing story of openssl is complex, but it is not deliberately incompatible as far as I know; the incompatibility is an accident of history.

> * A sane and modern library API (granted, parts of OpenSSL have
> these features too; most projects are mired in the horror, though)

Hard for me to parse what you mean, but it is not like GnuTLS does not have its flaws:
http://www.openldap.org/lists/openldap-devel/200802/msg00072.html

Afaik this remains unchanged to date.

> * delegation of specific tasks to other libraries, rather than
> kitchen-sink agglomeration.
>
> There are probably other reasons.

Are you compiling a list on request because you have pet peeves?

I do not deny OpenSSL is not the best API you can get, but I thought we were discussing the security of the library. OpenSSL has got orders of magnitude more public scrutiny than gnutls, so I tend to trust OpenSSL more from this point of view.

So do you have actual issues with the crypto implementation?

Simo.

_______________________________________________
Freedombox-discuss mailing list
Freedombox-discuss@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss