nmh-workers
[Top] [All Lists]

Re: [Nmh-workers] Starting the final call for features for 1.7

2016-09-25 14:48:33
Tom Lane <tgl(_at_)sss(_dot_)pgh(_dot_)pa(_dot_)us> writes:

Ken Hornstein <kenh(_at_)pobox(_dot_)com> writes:
Idly, http://www.libressl.org/ is one alternative, aiming to improve the 
code
quality amongst other things.  It includes a new libtls "designed to
make it easier to write foolproof applications" as well as "libssl: a
TLS library, backwards-compatible with OpenSSL".

Well, I can tell you that's how _I_ want to spend my free time: porting
our code to OTHER TLS IMPLEMENTATIONS! :-)

It's worse than that: people will expect you to operate with either one,
but LibreSSL's "backwards compatible" wrapper is only mostly so.
Postgres had to give up depending on OPENSSL_VERSION_NUMBER to make
it work:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=5c6df67e0c961f68e73e7c1e6312211ed59da00a

Somebody will need to test against old openssl, new openssl, *and*
libressl before you can be confident that you won't be getting complaints
around this area.  (No, I'm not volunteering.)

For the record, nmh 1.6 --with-tls builds fine against libressl 2.3.7,
no patches required.
(I don't use the TLS features, so I can't tell you if it actually works.)

-- 
Christian Neukirchen  <chneukirchen(_at_)gmail(_dot_)com>  
http://chneukirchen.org


_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers

<Prev in Thread] Current Thread [Next in Thread>