GnuTLS and FreeRADIUS
wichert at wiggy.net
Tue Mar 24 20:09:20 CET 2009
Previously Alan DeKok wrote:
> Carolin Latze wrote:
> > I was searching for some time now and I found a lot of messages from
> > people who wanted to replace the OpenSSL dependencies in FreeRADIUS with
> > GnuTLS. But so far it seems, that nobody really did that, is that right?
> > Or has there been work on that and it failed for some reason? To be
> > honest I have absolutely no idea how complicated that will be but at
> > least I don't expect it to be easy. :)
> It's hard. The GNUTLS stuff contains wrappers for OpenSSL. However,
> they also got a number of things in their API wrong. (From what I recall
> about the last time I checked). This made using GnuTLS difficult.
I've also seen a lot of timeout-related problems with MTAs compiled to
use GNUTLS. Given the choice I'ld recommend everyone to use OpenSSL
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Freeradius-Devel