> Well, I think that regardless of what schannel ends up using, wininet and winhttp should be implemented on top of schannel in the long term, instead of using OpenSSL directly. I don't think GnuTLS is really the

Well, that's certainly true, as there are features of at least wininet that can't be implemented as long as OpenSSL is using a file descriptor directly. I don't have enough confidence in schannel's current implementation to start that, though.

> problem though, or that the existing schannel code is particularly badly implemented. It seems to me that it's more a case of the schannel / secur32 API being somewhat unclear, even to the applications actually using it. Tests would certainly help there, but

Perhaps. Tests would help convince me.

> what IMO complicates writing them is that only the client part of schannel is currently implemented.

That might be true for writing tests against Wine's implementation, but there's nothing to stop them from being skipped if a server implementation isn't available. In general, I write tests against Windows first. How is this case different? Furthermore, adding a server implementation to schannel isn't likely to be that complex, as GnuTLS does support server-side connections as well, so if that's what's holding back tests, it shouldn't be.

> Not really. IMO it's just a case of neglect.

Agreed that it is neglected. Without tests, I'm nervous to take on ownership of it. There have been a few half-hearted attempts to work in this area, but I haven't seen much contribution from people willing to maintain the code over the long term.

I may be flogging a dead horse here, but I personally am loath to see another implementation creep in, side by side with the existing one, that has no guarantee of working any better. I don't see how this helps CodeWeavers, either, other than reducing installation complexity. If there are bugs in the new implementation, and I expect there will be, you'll still have a large support load. Worse, even if you succeed in fixing bugs for your Mac customers, the rest of us don't benefit, as the current implementation still isn't getting any support. If there are development resources available to work on schannel, why not put them into something that benefits the project as a whole?

--Juan