why gnutls when we have openssl?

Simon Josefsson jas at extundo.com
Thu Aug 23 19:14:02 CEST 2001


Werner Koch <wk at gnupg.org> writes:

>> can someone explain to me why you guys write gnutls when we have openssl?
>
> One reason is that the OpenSSL license is not compatible with the GPL;
> this forbids us to use code from OpenSSL or distribute GPLed software
> together with OpenSSL.

There is also Mozilla's NSS which is a GPLd TLS implementation.  Like
OpenSSL it also has S/MIME and other stuff, and it's quite mature and
bug free from what I've seen.

I fear an incompatibility mess for TLS libraries in free software soon,
we'll all be required to have three TLS libraries installed and each
have their own method of storing and handling CA's, private keys etc.
Right now, most free programs out there seem to mostly deal with
server-side HTTPS and little else, Netscape/Mozilla S/MIME being about
the only major exception I can think of.  Client-side authenticated
SMTP, IMAP is about to happen, but I think it will not work smoothly
for Unix users until you can manage your CA's, private keys etc across
applications.  It's blasphemy here, but the integration of CAPI/CSP in
Windows is just so nice, I wished we had something like that on Unix.

Err, end of rant, just my $.2.




