Possible fun project/todo list item?

Mike Hearn m.hearn at signal.QinetiQ.com
Thu Sep 2 09:11:35 CDT 2004


The OpenSSL library we use in wininet/netconnection.c is a very unstable 
library, with somewhat odd licensing as well. By unstable I'm talking 
about the interfaces it exports: unfortunately they break backwards 
compatibility very frequently with the result that a build of Wine 
compiled on one system may bail out when using SSL on another, as the 
soname/abi of OpenSSL it's looking for has changed *yet again*.

This also means that some distros deliberately ship older versions and 
just backport security fixes, as upgrading OpenSSL to newer versions is 
quite painful. Fedora at least does this.

If anybody is looking for work to do then, addressing this problem may 
be useful. Probably the best way forward is to talk to the GnuTLS people 
(http://www.gnu.org/software/gnutls/gnutls.html) and see if you can get 
written confirmation from them that they have a strong commitment to 
binary compatibility (at least, more than OpenSSL does). It also seems 
to be a fairly stable project: the new maintainer is more focussed on 
portability enhancements and a slow release cycle than making huge 
changes to the code.

If so, it might be worth porting wininet over to GnuTLS, or 
alternatively, rather than remove the OpenSSL code just add code to use 
GnuTLS and then fall back to OpenSSL if it cannot be found (or vice-versa).

One interesting thing about GnuTLS is that it has some OpenSSL 
compatibility code, but from a look at their website it seems that this 
is GPLd. Maybe we could get an exemption from them.

The downside is that while OpenSSL is frequently going to not be found 
as it's the wrong version, GnuTLS is also not widely installed by 
default so it might not get us much in the short term.

The good news is that Gaim packages are often built against it, so in 
any modern distro that packages Gaim (which is a very popular chat 
client) in its repositories, there's a good chance GnuTLS is packaged as 
well.

thanks -mike
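
The load-time fallback proposed in the message above (try GnuTLS, fall back to OpenSSL if it cannot be found), as an added example that is not part of the original post and not Wine's code. The sonames, probe symbols, and the `pick_tls_backend` helper are assumptions chosen for illustration; real sonames vary by distro and release.

```c
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>

/* One candidate TLS backend: the soname to load and a symbol it must export. */
struct tls_backend {
    const char *name;
    const char *soname;
    const char *probe_symbol;
};

/* Preference order: GnuTLS first, OpenSSL as the fallback.
 * Assumption: these sonames are examples; they vary by distro and release. */
static const struct tls_backend default_backends[] = {
    { "gnutls",  "libgnutls.so.30", "gnutls_global_init" },
    { "openssl", "libssl.so.3",     "SSL_new" },
    { "openssl", "libssl.so.1.1",   "SSL_new" },
};
#define N_DEFAULT (sizeof(default_backends) / sizeof(default_backends[0]))

/* Return the first backend that loads AND exports its probe symbol.
 * On success *handle_out owns the dlopen handle; on failure it is NULL. */
static const struct tls_backend *
pick_tls_backend(const struct tls_backend *list, size_t n, void **handle_out)
{
    *handle_out = NULL;
    for (size_t i = 0; i < n; i++) {
        /* RTLD_LOCAL keeps the library's symbols out of the global namespace,
         * so two TLS libraries cannot shadow each other's exports. */
        void *h = dlopen(list[i].soname, RTLD_NOW | RTLD_LOCAL);
        if (!h)
            continue;               /* not installed, or wrong soname */
        if (dlsym(h, list[i].probe_symbol)) {
            *handle_out = h;
            return &list[i];
        }
        dlclose(h);                 /* loaded, but ABI is not what we expect */
    }
    return NULL;
}

int main(void)
{
    void *h;
    const struct tls_backend *b = pick_tls_backend(default_backends, N_DEFAULT, &h);
    if (!b) { puts("no TLS backend found; SSL disabled"); return 1; }
    printf("using %s via %s\n", b->name, b->soname);
    dlclose(h);
    return 0;
}
```

On older glibc this needs `-ldl` at link time. Which backend was chosen is worth logging, since the two libraries may be patched on different schedules by the distro.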


