On 12/02/2010 12:10 PM, Matthias Andree wrote: > Am 02.12.2010 10:46, schrieb Farkas Levente: >> On 12/02/2010 10:05 AM, Adriaan de Jong wrote: >>> Hi List, >>> >>> We've been working on OpenVPN in preparation for a security evaluation. >>> This entailed documenting OpenVPN at a relatively high level, removing the >>> dependencies on OpenSSL, and adding support for a simpler, easier to >>> evaluate library (PolarSSL). >>> >>> This was done in a series of patches: >>> - Patch 1: Adds documentation to OpenVPN through Doxygen. >>> - Patch 2: Splits out OpenSSL-specific code, defining a clean "backend" >>> interface for both the crypto and SSL modules. Splits the SSL module into >>> channel setup and verification sub-modules. >>> - Patch 3: Adds a backend for PolarSSL. >>> >>> We'd love to release these patches to the community. Unfortunately, the >>> patches are now based on 2.1.4, and need to be rebased to a newer version. >>> Before we spend time on updating the patches to the current revision of >>> OpenVPN, we'd like to know whether there is an interest in these patches >>> from the community. >> >> most distro switch from openssl to nss. is there any reason you switch >> to polarssl in stead of nss? >> > > What do you base the "most distro" assessment on? > > Are you aware of any website discussing the advantages of the "big" SSL > providers (OpenSSL, Mozilla NSS, GnuTLS, PolarSSL, CyaSSL, ...)?
http://fedoraproject.org/wiki/FedoraCryptoConsolidation http://rcritten.fedorapeople.org/nss_compat_ossl.html http://www.mail-archive.com/help-gnutls@gnu.org/msg00676.html http://fedoraproject.org/wiki/Nss_compat_ossl http://lists.alioth.debian.org/pipermail/nut-upsdev/2010-December/005090.html -- Levente "Si vis pacem para bellum!"
