[Development] Hacking guide for Qt's SSL Support

Robin Burchell robin+qt at viroteck.net
Sun Jan 1 23:19:55 CET 2012


Hi,

2012/1/1 Andreas Aardal Hanssen <andreas at hanssen.name>:
> [*] http://www.gnu.org/software/gnutls/ - dropped because it clearly stated
> it was in early Alpha stage at the time, which I find to be really scary for
> a security framework, and currently I don't think the licensing looks very
> interesting. If OpenSSL does the job then why use GnuTLS?

For what it's worth, I used to work on an application supporting both
GnuTLS and OpenSSL. Our usage of OpenSSL ended up running into a few
obscure, very hard-to-track bugs thanks to a really obtuse API. GnuTLS
had no such issues, and as such, was our recommended solution - and
I'm hard pressed to think of many cases of bugs that we ever heard of
that were caused by it.

With regards to the question of library independence, I'd still argue
that it's generally a good idea to be able to easily swap SSL
implementations, and to avoid exposing library-specific details to
clients. It's not something I feel too strongly about, though, as I
certainly don't have any intention to write a GnuTLS backend anytime
soon, even if it is something I'd enjoy seeing as a proof-of-concept.

With regards to licensing, GnuTLS's LGPL license is certainly a lot
more straightforward than the OpenSSL situation, but again, I don't
feel strongly about this personally.

$0.02,

Robin


