Re: (ITS#7944) Apple's Common Crypto Services instead of OpenSSL
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7944) Apple's Common Crypto Services instead of OpenSSL
- From: hyc@symas.com
- Date: Fri, 19 Sep 2014 16:59:26 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
gabriel@gritsch-soft.com wrote:
> Full_Name: Gabriel Gritsch
> Version: 2.4.39
> OS: Mac OS X 10.9.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (46.234.244.166)
>
>
> Hi all,
>
> would it be possible to support Apple's "Common Crypto Services" instead of
> OpenSSL because the OpenSSL functions are marked as deprecated since OS X 10.7
> and produce a lot of warnings.
If someone submits a patch for this we will of course review and consider it.
But in general, it sounds like a bad idea. In light of Apple's now-infamous
"goto fail" bug
http://www.zdnet.com/apples-goto-fail-tells-us-nothing-good-about-cupertinos-software-delivery-process-7000027449/
it would be poor practice to migrate away from a security package that is now
receiving broad and in-depth scrutiny, to one that only has Apple's assurances
behind it. Also given Apple's success rate with security in general
http://online.wsj.com/articles/apple-celebrity-accounts-compromised-by-very-targeted-attack-1409683803
it seems like a poor choice.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/