Hi all, Are there still plans to add in GnuTLS support for freeradius, or have those died? I looked through the mail archives and found references to people wanting to do it in 2003 and 2006, against pre-2.0 code, and wondered if things had changed (either in freeradius or gnutls) to make it more or less likely. I'm a Debian user caught by their licensing trap, and I hateses compiling and revisioning one-off packages for something so simple. Thanks for your time. -Greg
Greg wrote:
Are there still plans to add in GnuTLS support for freeradius, or have those died?
There's little value in it.
I looked through the mail archives and found references to people wanting to do it in 2003 and 2006, against pre-2.0 code, and wondered if things had changed (either in freeradius or gnutls) to make it more or less likely.
Nothing has changed. If Gnutls support is a priority, we always welcome a patch.
I'm a Debian user caught by their licensing trap, and I hateses compiling and revisioning one-off packages for something so simple.
If the gnuttls people had a finished compatibility layer, this would be easier. Last I looked, it was about 25% there, which wasn't helpful. Alan DeKok.
Greg wrote:
Hi all,
Are there still plans to add in GnuTLS support for freeradius, or have those died? I looked through the mail archives and found references to people wanting to do it in 2003 and 2006, against pre-2.0 code, and wondered if things had changed (either in freeradius or gnutls) to make it more or less likely.
I'm a Debian user caught by their licensing trap, and I hateses compiling and revisioning one-off packages for something so simple.
This may or may not be relevant or helpful to you, but Red Hat and the Fedora project has slowly been migrating packages from OpenSSL to NSS (http://www.mozilla.org/projects/security/pki/nss). This is motivated by the fact NSS is FIPS-140 certified which is often a requirement in government and enterprise deployments, more conducive licensing, and a desire to consolidate crypto libraries for purely practical software management reasons. FreeRADIUS has been identified as a candidate for porting to NSS and is on the to-do list. When that porting work is completed you will have an alternative to OpenSSL. Please note this work has not yet begun and there is no target date yet, but volunteers to help would be greatly appreciated and of course would surely speed up the process :-) -- John Dennis <jdennis@redhat.com>
John Dennis wrote:
This may or may not be relevant or helpful to you, but Red Hat and the Fedora project has slowly been migrating packages from OpenSSL to NSS (http://www.mozilla.org/projects/security/pki/nss).
I'd prefer that to GNUtls, from what I've seen of the two systems.
Please note this work has not yet begun and there is no target date yet, but volunteers to help would be greatly appreciated and of course would surely speed up the process :-)
Getting volunteers is always the hard part. I don't know if I have much time for this, but I can coordinate to help address any architectural issues that make it difficult to do the NSS port. Alan DeKok.
participants (3)
-
Alan DeKok -
Greg -
John Dennis