On Mon, Jun 30, 2014 at 5:05 AM, Howard Chu <hyc(a)symas.com> wrote:
> The only reason GnuTLS support exists in OpenLDAP is because of
> Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that
Sounds good to me. So a patch that removes gcrypt entirely looks like:
(I assume the explicit threading setup is important, if not maybe the
gnutls_global_set_mutex part could be removed too...)
That requires gnutls 2.12.0 or newer, so then I think we can also
remove the compatibility code for older versions:
> Just tell us at which version of GnuTLS you switched to nettle and
> that the minimum supported version.
Debian builds gnutls with nettle starting from 3.0.0. The API used in
tls_g.c is all backend agnostic though. I tried with 2.12.20 (with
gcrypt backend) and everything looks fine in slapd and clients
including the threading setup. I think 2.12.0 as minimum version would
be fine, and then nettle vs gcrypt only matters for smbk5pwd users.
Thanks for considering my patches.