[Linux-ha-dev] GnuTLS, OpenSSL and management daemon
Horms
horms at verge.net.au
Tue Aug 16 03:17:38 MDT 2005
On Tue, Aug 16, 2005 at 05:05:29PM +0800, Huang Zhen wrote:
> Hi,
>
> I am working on the GUI now.
> We need a security connection between the remote GUI client and the
> management daemon.
> As we know that the most popular OpenSSL has some license issue, refer
> to horms's email, or http://www.gnome.org/~markmc/openssl-and-the-gpl.html
>
> So we have following choices:
> 1. add the exception cause as OpenSSL request.
This is my second preferance (3 is my first).
I believe that statement can be restricted only
to the code that uses OpenSSL. Perhaps thats an
argument for option 2. I'd need to think about
it some more. But licencing fun and games seem
dangerous at best.
> 2. seperate the transport layer from management daemon to avoid link to
> OpenSSL, and make the transport layer as a seprate program or daemon.
This really only moves the licence problem.
> 3. use GnuTLS. Who has experience about GnuTLS? Any comment?
I think this is the best option, assuming it works.
> 4. IPsec, it needs above 2.6 or it must patch on kernel as I know.
This isn't really an option, as its not an aplication level feature.
> I prefer the GnuTLS, however I never used it before.
> Would you please give your suggestions on this issue?
> Any opinions are welcome!
--
Horms
More information about the Linux-HA-Dev
mailing list