As far as I know, this rant has never been discussed here: http://www.openldap.org/lists/openldap-devel/200802/msg00072.html [...] I strongly recommend that GnuTLS not be used. All of its APIs would need to be overhauled to correct its flaws [...]