| 1 |
What is the current status/thoughts regarding libressl? Reviewing the |
| 2 |
bug and some past threads, it sounds like the initial plan was to make |
| 3 |
openssl a virtual and let either classic openssl or libressl fulfull it? |
| 4 |
I'm not sure if things have changed from that viewpoint, but it really |
| 5 |
doesn't seem they're going to be plug and play compatible 8-/. libressl |
| 6 |
offers functionality openssl doesn't and vice versa, and playing nicely |
| 7 |
with each other doesn't seem to be on the agenda of either. It seems it |
| 8 |
might make more sense to treat them more like openssl and gnutls, where |
| 9 |
they both provide similar ssl functionality but a given package might |
| 10 |
use one, the other, or either? |
| 11 |
|
| 12 |
The specific reason for my current inquiry is that the latest openntpd |
| 13 |
release includes the new support from openbsd for "constraints", where |
| 14 |
basically you can verify ntp time sources by checking their time |
| 15 |
relative to a trusted TLS server (which provides the time in HTTP |
| 16 |
headers). This functionality requires libtls, part of libressl. openssl |
| 17 |
provides no compatible functionality, so this is a case where they're |
| 18 |
not plug-and-play, openntpd requires libressl specifically. |
| 19 |
|
| 20 |
Thanks... |
Archives