It would be nice if PTLib would do a pgk-config check for "openssl" or "libressl" to activate the OpenSSL code. I simply named the pgk-config file for LibreSSL "openssl.pc" to work around that.
To use GnuTLS for the H.323 media encryption in GnuGk and H323Plus, PSSLxxx wrappers won't help. The OpenSSL compatibility mode of GnuTLS also isn't enough.
regards, Jan
Robert Jongbloed wrote:
Excellent!
Are there any tweaks to the configure.ac that should happen to find LibreSSL?
And re GnuTLS, the whole point of the PSSLxxx class wrappers in PTLib was to allow for use of other API's to OpenSSL/LibreSSL. At least as a configure/compile time option. One of these years, someone may cough up the time/money to actually do the implementation ....
*Robert Jongbloed* OPAL/OpenH323/PTLib Architect and Co-founder. Commercial support at http://www.voxlucida.com.au /Travelling, so email responses may be slow!/
Robert. On 29/07/2014 5:30 pm, Jan Willamowius wrote:
Hi,
with the bugs recently found in OpenSSL, there is some concern how many more issues still lurk in the old and crufty OpenSSL code. There is a great effort by some OpenBSD developers to fork OpenSSL into "LibreSSL" (www.libressl.org) and clean up the code while keeping the public interface stable.
I did a quick check and can report that GnuGk / H323Plus / PTLib compile well with LibreSSL instead of OpenSSL. All I had to do was provide a pkg-config file. So now we have a choice which library to use.
I used LibreSSL Portable 2.0.3 for my test.
Another interesting project would be to use GnuTLS as a replacement, but thats going to require a number of code changes on our side.
Regards, Jan