On Fri, Feb 10, 2006 at 11:21:05AM +0100, Nicolas Baradakis wrote:
In short, I prefer a lot a debian patch for gnuTLS than a license modification. As gnuTLS has an OpenSSL compatibility layer, perhaps it's not hard to do.
The last time I looked at this compatibility layer, I did not find suitable functionality for implementing EAP methods due to the requirement of doing I/O with own routines (instead of using TCP sockets). If someone is planning on converting FreeRADIUS to use GnuTLS, it might be worthwhile to take a look at the TLS wrapper I designed for wpa_supplicant (EAP peer) and hostapd (EAP server). It includes implementation for both OpenSSL and GnuTLS, i.e., there is a build time option to select which one to use and core code does not need any changes regardless of which TLS library is used. I would assume that similar design would work fine with FreeRADIUS, too, or at least tls_gnutls.c wrapper implementation can provide some examples on how EAP-TLS/PEAP/TTLS can be implemented with GnuTLS. -- Jouni Malinen PGP id EFC895FA