[Sorry if this is a dupe, my first send didn't seem to go through]

On Fri, Apr 03, 2015 at 01:59:25AM +0200, Hanno Böck wrote:

> Is there a way to split libtls off libressl?

To revive this rather old thread, I just wanted to provide an update.
After some discussion with upstream portable openntpd, the libressl team
decided to go ahead and create a standalone libtls package that will
eventually work with openssl:

https://github.com/libressl-portable/portable/pull/83

This work has already been pulled into libressl head, and there has also
been some work on adding the missing libressl APIs to openssl:

https://github.com/busterb/openssl/commits/libressl-apis

I believe these are going to get submitted to openssl for review soon.
Unfortunately, there are still some security features missing in openssl
that haven't been worked on (for openntpd purposes, specifically the
ability for the openssl RNG to function in an empty chroot; if I
understand correctly it needs access to /dev/(u)random while running).

So it's not quite there yet, but it is being worked on, so I'm hopeful
at some point in the not too distant future we can have openntpd with
tls constraint support without having to deal with openssl vs libressl
headaches :).