On Tue, Feb 1, 2011 at 3:08 AM, Juan Lang juan.lang@gmail.com wrote:
Hi Ken, thanks for the reply.
As Henri said, it's that it's a set of external dependencies (not just one; GnuTLS has its own dependencies) and that they are security-related. To the greatest extent practical, security-related libraries should come from one's distro or OS vendor.
Sure, I can buy that. I'll note that OpenSSL is also available for the Mac, and already loaded by wininet and winhttp. It could be appropriate to move from GnuTLS to OpenSSL for schannel, so we'd only have a single implementation for both Linux and Mac in schannel.
OpenSSL seems like a bad idea. It has poor binary compatibility and problematic FIPS 140 certification, and Fedora is dropping it in favour of NSS:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
http://fedoraproject.org/wiki/CryptoConsolidationEval
OpenSSL isn't part of the LSB (while NSS is), so if we ever want to make a Wine LSB package, it might be a good idea to get OpenSSL out of Wine entirely. See also the August 2008 wine-devel thread about this: http://www.winehq.org/pipermail/wine-devel/2008-August/068575.html
Damjan Jovanovic