RFC: Adding Mac support to secur32/schannel.c

[Henri Verbeet]

On 28 January 2011 17:36, Juan Lang <juan.lang at gmail.com> wrote:
> What's the issue with building GnuTLS?  Is it that GnuTLS doesn't
> support the Mac Keychain?  Is it that it's an external dependency?  If
> the latter, we already pull in quite a bit that isn't found on the
> Mac, so the incremental change isn't large.
>
Note that I wasn't actually involved in any of this on the CodeWeavers
side, but I think for CodeWeavers the consideration would be that we'd
prefer to not be in the business of distributing GnuTLS, since it's
extra stuff to carry around, and you'd have to keep track of security
issues, etc. Although I think it's perfectly reasonable to ask Wine
users, regardless of OS, to install GnuTLS if they want Schannel
support, I don't think the same thing is necessarily reasonable to ask
of CrossOver users.

On the other hand, as a Wine (and Free Software in general) developer
I'm not so convinced this would really be beneficial to Wine either.

> I do see two problems with the general plan.  One isn't specific to
> your plan:  schannel as it is is buggy.  We don't know where the bugs
> are, and they've languished for a long time.  Your proposed plan
Sadly some of that is probably my responsibility. The original plan
was to implement server support after the client code went in, and
then use that for writing tests. It didn't quite turn out that way,
mostly due to wined3d taking priority.

On 30 January 2011 20:31, James McKenzie <jjmckenzie51 at earthlink.net> wrote:
> The point is that MacOSX has built-in TLS support out of the box.  Why build
> GNU TLS when using MacOSX when it is not needed???
>
To reduce complexity and maintenance overhead of the Wine schannel code.