On Thu, 13 Jun 2002, Thomas Lussnig wrote: > was the patch for switching to GNUTLS been tested yet ? > If only done some quick checks, (work with/out http(s)) so that > it is usable, but need to test client cert sending and server cert checking. > > I ask because this would solve the whole openssl problem, or most of it.
I am not sure what you mean by solving the openssl problem. GNU TLS is a project in early development. Libgcrypt is still in alpha development. There is no assurance that programs compiled with this code will actually be secure. Openssl is a lonstanding, tested library ready for production quality work. It is certainly reasonable to test wget with GNU TLS in order to look for problems or bugs, but I don't think that anyone would want to rely on the security of a wget binary compiled with GNU TLS. See the disclaimers at the GNUTLS web site. Doug __ Doug Kaufman Internet: [EMAIL PROTECTED]