| 1 |
On Fri, Apr 03, 2015 at 01:59:25AM +0200, Hanno Böck wrote: |
| 2 |
|
| 3 |
> Is there a way to split libtls off libressl? |
| 4 |
|
| 5 |
To revive this rather old thread, I just wanted to provide an update. |
| 6 |
After some discussion with upstream portable openntpd, the libressl team |
| 7 |
decided to go ahead and create a standalone libtls package that will |
| 8 |
eventually work with openssl: |
| 9 |
|
| 10 |
https://github.com/libressl-portable/portable/pull/83 |
| 11 |
|
| 12 |
This work has already been pulled into libressl head, and there has also |
| 13 |
been some work on adding the missing libressl APIs to openssl: |
| 14 |
|
| 15 |
https://github.com/busterb/openssl/commits/libressl-apis |
| 16 |
|
| 17 |
I believe these are going to get submitted to openssl for review soon. |
| 18 |
Unfortunately, there are still some security features missing in openssl |
| 19 |
that haven't been worked on (for openntpd purposes, specifically the |
| 20 |
ability for the openssl RNG to function in an empty chroot; if I |
| 21 |
understand correctly it needs access to /dev/(u)random while running). |
| 22 |
|
| 23 |
So it's not quite there yet, but it is being worked on, so I'm hopeful |
| 24 |
at some point in the not too distant future we can have openntpd with |
| 25 |
tls constraint support without having to deal with openssl vs libressl |
| 26 |
headaches :). |
Archives