Investigate use of GnuTLS instead of OpenSSL
The SSLv3/TLS implementation might be rewritten using GnuTLS. This library has a clean API, full-featured documentation, and is licensed under the LGPL, avoiding the license incompatibility faced with [[OpenSSL]].
#1 Updated by Yoann VANDOORSELAERE over 15 years ago
- Status changed from New to Closed
- Resolution set to fixed
Fixed in r3812 r3813 r3814 r3815.
- [[OpenSSL]] licensing problem.
- potential [[OpenSSL]] dual licensing incompatibility.
- [[GnuTLS]] API is cleaner in my taste.
- [[GnuTLS]] security background is much better.
Complete overhaul of the certificate handling infrastructure,
things are much cleaner, and much more safe now. Authentication
is always ciphered, and the encryption layer is dropped if UNIX
connections are used.
manager-adduser / sensor-adduser are now obsoleted and replaced
by a brand new tool called prelude-adduser handling the whole
The certificate exchange is now done using SRP, and through
a certificate request.