https://bugs.openldap.org/show_bug.cgi?id=9303
Issue ID: 9303 Summary: Add support for WolfSSL as an alternative to OpenSSL Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: libraries Assignee: bugs@openldap.org Reporter: quanah@openldap.org Target Milestone: ---
For OpenLDAP 2.6, we should investigate adding support for WolfSSL as an alternative to OpenSSL.
https://bugs.openldap.org/show_bug.cgi?id=9303
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |development Target Milestone|--- |2.6.0
https://bugs.openldap.org/show_bug.cgi?id=9303
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.6.0 |2.7.0
https://bugs.openldap.org/show_bug.cgi?id=9303
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |SUSPENDED Status|UNCONFIRMED |RESOLVED Target Milestone|2.7.0 |---
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- patches welcome
https://bugs.openldap.org/show_bug.cgi?id=9303
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=9303
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|SUSPENDED |--- Ever confirmed|0 |1 Status|VERIFIED |CONFIRMED Priority|--- |High Target Milestone|--- |2.7.0
--- Comment #2 from Howard Chu hyc@openldap.org --- I'm waking this back up. We should deprecate OpenSSL support, and we need a better alternative. Right now this seems to be the best candidate.
https://bugs.openldap.org/show_bug.cgi?id=9303
--- Comment #3 from Howard Chu hyc@openldap.org --- Possibly we could just adopt BoringSSL or LibreSSL instead, which would allow us to reuse almost all of our existing OpenSSL support code. Needs some more investigation.
https://bugs.openldap.org/show_bug.cgi?id=9303
Howard Chu hyc@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9952
https://bugs.openldap.org/show_bug.cgi?id=9303
--- Comment #4 from Howard Chu hyc@openldap.org --- (In reply to Howard Chu from comment #3)
Possibly we could just adopt BoringSSL or LibreSSL instead, which would allow us to reuse almost all of our existing OpenSSL support code. Needs some more investigation.
BoringSSL doesn't appear to be provided for system use on any Linux distros. It's packaged on debian/ubuntu strictly for building Android apps.
LibreSSL appears to only be used on *BSDs. So neither of these two is a candidate for a general replacement of OpenSSL.
WolfSSL is available on Ubuntu at least, haven't checked other distros.
-
openldap-its@openldap.org