[Adium-devl] Padlocks & Security
Evan Schoenberg
evan.s at dreskin.net
Thu Oct 18 03:49:53 UTC 2007
On Oct 17, 2007, at 11:38 PM, Colin Barrett wrote:
> Does using GnuTLS have any other advantages? (Shipping it means a
> codesize hit)
* It's officially supported by the libpurple team. We use OpenSSL
via a plugin from the OpenBSD team.
* There's a nasty crash which OpenSSL does after an unexpected
disconnection which has been around since the dawn of time for us and
which we've never been able to fix. GnuTLS does not experience this
crash.
* ???
Disadvantages:
* Codesize hit, as you mentioned
* Needs to be built either via fancy magic such as Augie has done
with Perian or on a PPC and an Intel machine, lipo'd together, and
kept around as a compiled binary for use in building Libpurple.framework
* ???
> Would it be possible to add cert validation code for OpenSSL as
> well?
Andy had some code in progress this past summer which would hook the
OpenSSL plugin into the OS X cert validation stuff (Keychain.app and
so forth), which would be even awesomer. I have no idea if this cert
code in libpurple is currently easily accessible to such a system, and
last I heard Andy's cert project was stalled; I don't know if that's
changed.
-Evan