OpenSSL vs. GnuTLS in Exim

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenSSL vs. GnuTLS in Exim

Jarosław Tabor
Hi all!

        I've problems with exim4-daemon-havy and its TLS support
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348046).
I suspect that problem is related to GnuTLS, so I want to rebuild exim4
against OpenSSL to check if it will help.

Can anyone tell me if there is any security risk to use openssl in
exim4 ?
Is there any advantage of GnuTLS over OpenSSL ?
I'm using OpenSSL based applications (i.e. courier-imap-ssl) for a long
time without ANY problems. What was the reason to use GnuTLS in exim ???

--
Jaroslaw Tabor <[hidden email]>


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL vs. GnuTLS in Exim

Sven Hartge-5
Um 23:34 Uhr am 03.04.06 schrieb Jaroslaw Tabor:

> Can anyone tell me if there is any security risk to use openssl in
> exim4 ?

No. Why do you suspect there to be any risks?

> I'm using OpenSSL based applications (i.e. courier-imap-ssl) for a long
> time without ANY problems. What was the reason to use GnuTLS in exim ???

Licences problems regarding OpenSSL in combination with GPL'd code without
a special clause allowing linking to OpenSSL-based code.

Grüße,
Sven.

--
Sven Hartge -- professioneller Unix-Geek
Meine Gedanken im Netz: http://www.svenhartge.de/

Achtung, neue Mail-Adresse: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL vs. GnuTLS in Exim

Marc Haber-2
In reply to this post by Jarosław Tabor
May I ask why you ask these questions on the Debian security list and
not on the Debian exim4 users list?

On Mon, Apr 03, 2006 at 11:34:18PM +0200, Jaroslaw Tabor wrote:
> I've problems with exim4-daemon-havy and its TLS support
> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348046).
> I suspect that problem is related to GnuTLS, so I want to rebuild exim4
> against OpenSSL to check if it will help.
>
> Can anyone tell me if there is any security risk to use openssl in
> exim4 ?

Yes. No.

> Is there any advantage of GnuTLS over OpenSSL ?

GnuTLS' License fits better in Debian's freeness concept.

> I'm using OpenSSL based applications (i.e. courier-imap-ssl) for a long
> time without ANY problems. What was the reason to use GnuTLS in exim ???

Linking openssl against GPLed software is not allowed without an
explicit exception in the GPLed software's license since openssl's
license is incompatible with the GPL. We chose GnuTLS to avoid these
license issues.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL vs. GnuTLS in Exim

Florian Weimer
* Marc Haber:

>> Is there any advantage of GnuTLS over OpenSSL ?
>
> GnuTLS' License fits better in Debian's freeness concept.

Exim still links to OpenSSL, so I don't see how this can matter.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL vs. GnuTLS in Exim

Marc Haber-2
On Tue, Apr 04, 2006 at 01:37:24PM +0200, Florian Weimer wrote:
> * Marc Haber:
>
> >> Is there any advantage of GnuTLS over OpenSSL ?
> >
> > GnuTLS' License fits better in Debian's freeness concept.
>
> Exim still links to OpenSSL, so I don't see how this can matter.

exim links to OpenSSL by virtue of the MySQL and/or PostgresSQL
packages, IIRC. Which is not something we as exim maintainers can
control.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: OpenSSL vs. GnuTLS in Exim

Florian Weimer
* Marc Haber:

> On Tue, Apr 04, 2006 at 01:37:24PM +0200, Florian Weimer wrote:
>> * Marc Haber:
>>
>> >> Is there any advantage of GnuTLS over OpenSSL ?
>> >
>> > GnuTLS' License fits better in Debian's freeness concept.
>>
>> Exim still links to OpenSSL, so I don't see how this can matter.
>
> exim links to OpenSSL by virtue of the MySQL and/or PostgresSQL
> packages, IIRC. Which is not something we as exim maintainers can
> control.

Sure you can, just don't link against those libraries.

I'm beginning to wonder if we've got the resources to make GnuTLS
suitable for use in short-running processes, that's all.


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]