GnuTLS support?

[John Dennis]

Greg wrote:
> Hi all,
>
> Are there still plans to add in GnuTLS support for freeradius, or have
> those died?  I looked through the mail archives and found references
> to people wanting to do it in 2003 and 2006, against pre-2.0 code, and
> wondered if things had changed (either in freeradius or gnutls) to
> make it more or less likely.
>
> I'm a Debian user caught by their licensing trap, and I hateses
> compiling and revisioning one-off packages for something so simple.
>   
This may or may not be relevant or helpful to you, but Red Hat and the 
Fedora project has slowly been migrating packages from OpenSSL to NSS 
(http://www.mozilla.org/projects/security/pki/nss). This is motivated by 
the fact NSS is FIPS-140 certified which is often a requirement in 
government and enterprise deployments, more conducive licensing, and a 
desire to consolidate crypto libraries for purely practical software 
management reasons. FreeRADIUS has been identified as a candidate for 
porting to NSS and is on the to-do list. When that porting work is 
completed you will have an alternative to OpenSSL. Please note this work 
has not yet begun and there is no target date yet, but volunteers to 
help would be greatly appreciated and of course would surely speed up 
the process :-)

-- 
John Dennis <jdennis at redhat.com>