On 1/27/21 7:29 AM, [email protected] wrote:
> January 27, 2021 9:47 AM, "Lauri Tirkkonen" <[email protected]> wrote:
>
>> On Wed, Jan 27 2021 09:36:31 +0100, Eric Faurot wrote:
>>
>>> There has been a plan for some time now to make smtpd use libtls
>>> instead of openssl. Recent changes in libtls allow to move forward
>>> with this. Here is a diff to start the switch. I've tried to keep
>>> it as small as possible, sticking to the necessary changes. There is
>>> still a lot of code that can be removed but that will be done in a
>>> second time.
>>
>> I'm all for this, and sorry for screaming from the gallery, but I want to
>> ask - is there a plan relating to libtls for portable OpenSMTPD? As it
>> stands, OpenSSL-based systems are largely unable to use libtls (which in
>> itself is a shame) - how would this change make it to portable?
>>
>
> TL;DR:
> In January 2020, I adapted OpenSMTPD to libtls for the first time and did it
> both for OpenBSD and portable. Since many systems didn't have LibreSSL
> available, this resulted in libtls being brought to the openbsd-compat layer
> and adapted to build with OpenSSL. The plan is to use libtls from LibreSSL if
> detected, otherwise take the openbsd-compat version if OpenSSL is detected.
>
> More (outdated) details here:
>
> https://poolp.org/posts/2020-01-22/january-2020-opensmtpd-work-libasr-and-libtls/
>
>
> As a side note:
>
> The work eric@ did on the libtls conversion was based on my diff but diverged
> and I will have to adapt my work from last year to make it work again. I'll
> take care of making it work again once his work is committed.
>
> As of today, there's no one but me working on the portable release so it
> would be nice if people interested in a portable release would step up to
> help.
>

Is it not possible to use libretls - https://git.causal.agency/libretls/about/

They plan to maintain such a compatibility layer of libtls with openssl
with minimal changes. It might be better to use their effort rather than
adding a burden of both a compat libtls and opensmtpd in the portable
version.

Quite a lot of distributions already have this present so this might be
a good idea to use their work.

Thoughts?

Best,
Aisha
