[Development] Hacking guide for Qt's SSL Support

Richard Moore rich at kde.org
Mon Jan 2 13:06:58 CET 2012


On Sun, Jan 1, 2012 at 3:51 PM, Andreas Aardal Hanssen
<andreas at hanssen.name> wrote:
> Hi Richard, looks really good! For Qt 4, the idea was to have several
> backends like you write here. Still we ended up with only one, and it's not
> really that much of a well-defined backend. Especially considering it's the
> only one ;-).

Yeah, there's no real internal API that a backend needs to implement
right now. We could do with a Lighthouse project for this. :-)

>
> The other options I imagined were GnuTLS [*], and using native SSL support
> should that exist.
>
> Today the backend separation is still around but it only complicates the
> code unless there truly are other backends to support.
>
> What are your thoughts on this?

I think that there may be a need in the future to use platform
specific SSL APIs. There is some additional complication right now,
but I suspect that if the backend API were factored out that the
complexity would be reduced quite a bit.

In terms of non-platform SSL backends, there have been some requests
for an NSS backend, but I'm not sure that NSS really meets the needs
of Qt at the moment. It reportedly has problems if you want to use it
as a client and a server at the same time, and is also designed much
more as an API for an application to use rather than a library. I have
been tempted to experiment with writing a backend using polarssl which
has a very clean API, but that wouldn't be something usable for Qt due
to both licensing issues and relatively limited functionality.

Cheers

Rich.

>
> Andreas
>
> [*] http://www.gnu.org/software/gnutls/ - dropped because it clearly stated
> it was in early Alpha stage at the time, which I find to be really scary for
> a security framework, and currently I don't think the licensing looks very
> interesting. If OpenSSL does the job then why use GnuTLS?
>
> --
> Andreas Aardal Hanssen


