RFC: Adding Mac support to secur32/schannel.c
Damjan Jovanovic
damjan.jov at gmail.com
Tue Feb 1 02:02:33 CST 2011
On Tue, Feb 1, 2011 at 3:08 AM, Juan Lang <juan.lang at gmail.com> wrote:
> Hi Ken, thanks for the reply.
>
> > As Henri said, it's that it's a set of external dependencies (not just
> one; GnuTLS has its own dependencies) and that they are security-related.
> To the greatest extent practical, security-related libraries should come
> from one's distro or OS vendor.
>
> Sure, I can buy that. I'll note that OpenSSL is also available for
> the Mac, and already loaded by wininet and winhttp. It could be
> appropriate to move from GnuTLS to OpenSSL for schannel, so we'd only
> have a single implementation for both Linux and Mac in schannel.
>
>
OpenSSL seems like a bad idea. It has poor binary compatibility and
problematic FIPS 140 certification, and Fedora is dropping it in favour of
NSS:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation
http://fedoraproject.org/wiki/CryptoConsolidationEval
OpenSSL isn't part of the LSB (while NSS is), so if we ever want to make a
Wine LSB package, it might be a good idea to get OpenSSL out of Wine
entirely. See also the August 2008 wine-devel thread about this:
http://www.winehq.org/pipermail/wine-devel/2008-August/068575.html
Damjan Jovanovic
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20110201/d14d9c3f/attachment.htm>
More information about the wine-devel
mailing list