1 |
What is the current status/thoughts regarding libressl? Reviewing the |
2 |
bug and some past threads, it sounds like the initial plan was to make |
3 |
openssl a virtual and let either classic openssl or libressl fulfull it? |
4 |
I'm not sure if things have changed from that viewpoint, but it really |
5 |
doesn't seem they're going to be plug and play compatible 8-/. libressl |
6 |
offers functionality openssl doesn't and vice versa, and playing nicely |
7 |
with each other doesn't seem to be on the agenda of either. It seems it |
8 |
might make more sense to treat them more like openssl and gnutls, where |
9 |
they both provide similar ssl functionality but a given package might |
10 |
use one, the other, or either? |
11 |
|
12 |
The specific reason for my current inquiry is that the latest openntpd |
13 |
release includes the new support from openbsd for "constraints", where |
14 |
basically you can verify ntp time sources by checking their time |
15 |
relative to a trusted TLS server (which provides the time in HTTP |
16 |
headers). This functionality requires libtls, part of libressl. openssl |
17 |
provides no compatible functionality, so this is a case where they're |
18 |
not plug-and-play, openntpd requires libressl specifically. |
19 |
|
20 |
Thanks... |