Re: moznss, gnutls, openssl



Chuck Theobald wrote:
What is the current wisdom regarding which tls library to use?

I've got a version 2.4.39 installation on RHEL 6.6 for which I cannot
get tls to work. I end up with the "TLS: can't connect: TLS error
-5938:Encountered end of file." error. Likely a misconfiguration of
moznss, though I followed one set of directions using certutil, but lack
the proper setting for my ldap TLSCACertificateFile.

My Debian-based ldap servers run with either openssl or gnutls.

Stick with OpenSSL - it's most heavily used, most frequently tested, and most commonly documented. MozNSS is the oldest and most "mature" code base but architecturally it is still very immature and it has a long way to go before its design is generally usable. GnuTLS is a travesty.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/