Jerry James writes:
On Tue, Nov 12, 2013 at 11:16 PM, Stephen J. Turnbull
<stephen(a)xemacs.org> wrote:
> *sigh* We probably should sync this with Emacs. gnutls is
> well-established now, although I suppose *most* systems with XEmacs on
> them will have OpenSSL too.
FWIW, I started work on this quite a while ago.
By "sync this", I meant making gnutls-cli work.
I quickly discovered that I hate the way that gnutls support was
added to Emacs.
I do too, and I haven't even looked at the code yet. ;-)
They do weird gross things at strange places in the process code.
I have no doubt at all that Ted Z is capable of that. :-/
I would much rather make a gnutls lstream type,
Certainly that's the right approach IMO.
The problem with that approach is that there is then no way to
match the Emacs API,
Surely we can match the Emacs API in Lisp, although it might be at
some cost of security or efficiency. I don't mind the incompatibility
if we have full support of things like STARTTLS negotiation for
protocols that support STARTTLS, etc.
I've never decided what to do about this, so the code has just been
sitting in a local workspace, untouched for months.
*sigh* That's a completely different set of issues. Let's stop doing
this to ourselves. If it's a mistake not to emulate Ted Z, we can pay
for it later. Do what you think is right.
Also FWIW, Fedora is trying to nudge developers towards NSS:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation.
OK, I can see the rationale (although I'd never heard of NSS vs
OpenSSL and GNUTLS, the FIPS certification is a killer argument in
favor of it as a leading candidate). Do you know why GNUTLS is
favored over OpenSSL? The latter is older, and from what I'm hearing
on emacs-devel, more stable.