Possible fun project/todo list item?
Mike Hearn
m.hearn at signal.QinetiQ.com
Thu Sep 2 09:11:35 CDT 2004
The OpenSSL library we use in wininet/netconnection.c is a very unstable
library, with somewhat odd licensing as well. By unstable I'm talking
about the interfaces it exports: unfortunately they break backwards
compatibility very frequently with the result that a build of Wine
compiled on one system may bail out when using SSL on another, as the
soname/abi of OpenSSL it's looking for has changed *yet again*.
This also means that some distros deliberately ship older versions and
just backport security fixes, as upgrading OpenSSL to newer versions is
quite painful. Fedora at least does this.
If anybody is looking for work to do then, addressing this problem may
be useful. Probably the best way forward is to talk to the GnuTLS people
(http://www.gnu.org/software/gnutls/gnutls.html) and see if you can get
written confirmation from them that they have a strong commitment to
binary compatibility (at least, more than OpenSSL does). It also seems
to be a fairly stable project: the new maintainer is more focussed on
portability enhancements and a slow release cycle than making huge
changes to the code.
If so, it might be worth porting wininet over to GnuTLS, or
alternatively, rather than remove the OpenSSL code just add code to use
GnuTLS and then fall back to OpenSSL if it cannot be found (or vice-versa).
One interesting thing about GnuTLS is that it has some OpenSSL
compatibility code, but from a look at their website it seems that this
is GPLd. Maybe we could get an exemption from them.
The downside is that while OpenSSL is frequently going to not be found
as it's the wrong version, GnuTLS is also not widely installed by
default so it might not get us much in the short term.
The good news is that Gaim packages are often built against it, so in
any modern distro that packages Gaim (which is a very popular chat
client) in its repositories, there's a good chance GnuTLS is packaged as
well.
thanks -mike
More information about the wine-devel
mailing list