On Sun, Jul 13, 2014 at 12:22:49PM +0200, Jeroen Dekkers wrote:

> > > I think GnuTLS is actually a better alternative and wish there
> > > were more people developing and using it.
[...]
> > * GnuTLS, with an API incompatible with OpenSSL, thus requiring huge
> > amounts of work to make significant use of it.
>
> It depends on how you look at it. If you see the OpenSSL API as
> something that isn't really well designed then other libraries not
> copying the API is actually a good thing.

The problem is that OpenSSL is much more than just an implementation of
SSL/TLS. It also provides a very extensive set of low-level
cryptographic functions. There are many programs that use OpenSSL for
the latter, not for the SSL/TLS layer. You just cannot drop in GnuTLS,
MatrixSSL or PolarSSL for those.

Some of the alternatives to OpenSSL come with the essential
cryptographic primitives to support SSL/TLS built-in, others rely on
external libraries to do that. For example, GnuTLS currently depends on
Nettle.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <g...@debian.org>