why gnutls when we have openssl?

Simon Josefsson jas@extundo.com
Thu Aug 23 19:14:02 2001


Werner Koch <wk@gnupg.org> writes:


>> can someone explain to me why you guys write gnutls when we have openssl?
>
> One reason is that the OpenSSL license is not compatible with the GPL;
> this forbids us to use code from OpenSSL or distribute GPLed software
> together with OpenSSL.

There is also Mozilla's NSS, which is a GPL'd TLS implementation. Like OpenSSL it also has S/MIME and other stuff, and it's quite mature and bug free from what I've seen.

I fear an incompatibility mess for TLS libraries in free software soon; we'll all be required to have three TLS libraries installed, and each will have its own method of storing and handling CAs, private keys etc. Right now, most free programs out there seem to mostly deal with server-side HTTPS and little else, Netscape/Mozilla S/MIME being about the only major exception I can think of. Client-side authenticated SMTP and IMAP are about to happen, but I think it will not work smoothly for Unix users until you can manage your CAs, private keys etc. across applications.

It's blasphemy here, but the integration of CAPI/CSP in Windows is just so nice, I wish we had something like that on Unix. Err, end of rant, just my $.2.