On Fri, Apr 03, 2015 at 01:59:25AM +0200, Hanno Böck wrote:

> Is there a way to split libtls off libressl?

To revive this rather old thread, I just wanted to provide an update.
After some discussion with upstream portable openntpd, the libressl team
decided to go ahead and create a standalone libtls package that will
eventually work with openssl:

https://github.com/libressl-portable/portable/pull/83

This work has already been pulled into libressl head, and there has also
been some work on adding the missing libressl APIs to openssl:

https://github.com/busterb/openssl/commits/libressl-apis

I believe these are going to get submitted to openssl for review soon.
Unfortunately, there are still some security features missing in openssl
that haven't been worked on (for openntpd purposes, specifically the
ability for the openssl RNG to function in an empty chroot; if I
understand correctly it needs access to /dev/(u)random while running).

So it's not quite there yet, but it is being worked on, so I'm hopeful
at some point in the not too distant future we can have openntpd with
tls constraint support without having to deal with openssl vs libressl
headaches :).