On Tue, Feb 1, 2011 at 3:08 AM, Juan Lang <juan.lang@gmail.com> wrote:
Hi Ken, thanks for the reply.

> As Henri said, it's that it's a set of external dependencies (not just one; GnuTLS has its own dependencies) and that they are security-related. To the greatest extent practical, security-related libraries should come from one's distro or OS vendor.

Sure, I can buy that. I'll note that OpenSSL is also available for
the Mac, and already loaded by wininet and winhttp. It could be
appropriate to move from GnuTLS to OpenSSL for schannel, so we'd only
have a single implementation for both Linux and Mac in schannel.


OpenSSL seems like a bad idea. It has poor binary compatibility and problematic FIPS 140 certification, and Fedora is dropping it in favour of NSS:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
http://fedoraproject.org/wiki/CryptoConsolidationEval

OpenSSL isn't part of the LSB (while NSS is), so if we ever want to make a Wine LSB package, it might be a good idea to get OpenSSL out of Wine entirely. See also the August 2008 wine-devel thread about this:
http://www.winehq.org/pipermail/wine-devel/2008-August/068575.html

Damjan Jovanovic