OpenSSL is well known for a huge number of deadly security vulnerabilities, even before Heartbleed.
It would be nice if I could avoid bringing in such a library just because of Kamailio - having support for GnuTLS will let the user make such a choice.
--- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/371
If anyone wants to contribute an alternative tls module using gnutls, that's of course very welcome.
For now, I just want to point out the fact that the openssl project got a lot of funds lately to conduct a cleanup and refactoring, which can change things rather soon. It appears to still be the project with the most big companies backing it up. There is the libssl variant that is supposed to be a curated openssl, not sure if it really got good traction. Also, iirc, gnutls lacked hardware acceleration support, which is relevant on big deployments.
Reviewing what is the best ssl lib out there would be good, if done properly, but I guess it requires some resources to be able to allocate time for it.
---
I think being able to use both would be a good thing. Just because OpenSSL has had a lot of vulnerabilities it has a lot of spotlight on it. GnuTLS has had a few too, but it hasn't really been that important as a library and the issues haven't gotten as much attention.
Like Daniel says, if anyone steps forward and wants to maintain such a module I would be very happy.
---
FTR http://lists.sip-router.org/pipermail/sr-dev/2012-May/015302.html :-P
---
With libssl/openssl having a lot of refactoring and improvements done lately, I think having a gnutls alternative is no longer a pressure. I am closing this one here to get it out of expected features to be added as part of project development, but if anyone wants to contribute, it is more than welcome!
Maybe we should create a wish list on the wiki to collect feature requests that are nice to have, but not an immediate priority -- it can be a source of inspiration for people that want to contribute.
Wiki page created:
* https://www.kamailio.org/wiki/devel/new-features-requests
Closed #371.