View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001495 | libmicrohttpd | build system | public | 2009-09-19 12:18 | 2010-07-26 23:33 |
| Reporter | epienbro | Assigned To | Christian Grothoff | | |
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | | |
| Product Version | 0.4.2 | | | | |
| Summary | 0001495: Use system-wide GNUTLS if it's available instead of using the internal copy | | | | |
| Description | This bug was forwarded from a Fedora bug report: https://bugzilla.redhat.com/show_bug.cgi?id=519443 : libmicrohttpd includes its own version of GnuTLS and a stripped down minitasn1 based on libtasn1. Not only does this increase the size of the libraries for no real reason, it might even be a security problem, since security updates for GnuTLS will likely take longer to appear in the libmicrohttpd tree, and in Fedora eventually (cf. https://fedoraproject.org/wiki/Packaging/Guidelines#Duplication_of_system_libraries). Would it be possible to use the system-wide copy of GNUTLS if it's installed instead of an internal copy? | | | | |
| Tags | No tags attached. | | | | |

I agree that the situation is not nice. The long-term goal for me right now is to totally replace gnuTLS (since it manages to both be inadequate and bloated for the specific job at hand). I also should note that the TLS libs in MHD are significantly different from gnuTLS already (because of local modifications in our tree more than due to gnuTLS modifications). We'll keep this bug also open until a "nice" solution has been found.

How can it be inadequate, shouldn't it do exactly what you want? (I'm considering the library myself for another project, so I'd be interested in general, and not an advocate for a particular library). On the other hand, although it might seem "bloated" (again, why does it?), it might be a good idea to off-load the development effort to the gnuTLS team in order to be free to work on libmicrohttpd and save double effort.

Bloated: simply many features that are rarely, if ever needed (bunches of TLS extensions, older versions of SSL, certificate creation, support for SSL clients, etc.) for MHD. Inadequate: the API is not workable with a select loop (requires use of blocking IO with threads). I don't know if the GNUtls team can be convinced to fundamentally change their API, and since their goals are to support TLS broadly (client & server -- which is fine for their project), I don't see them removing features just because MHD does not need them.

The "bloatedness" shouldn't be a real problem, as long as you just don't use the unnecessary features, right? The API issue though is real. But this I'd guess is something that can be talked about with upstream, as it seems like a useful feature. Maybe they also have some snippets around to use it in a way that mimics a select loop. Have you talked to them about the issues? What is the alternative plan? Having yet another SSL/TLS implementation around is probably neither useful nor wanted by many (it's just too easy to shoot yourself in the foot). What alternatives are you otherwise looking at? An interesting read could be http://fedoraproject.org/wiki/FedoraCryptoConsolidation

Fixed in SVN HEAD.

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2009-09-19 12:18 | epienbro | New Issue | |
| 2009-09-24 07:42 | root | Note Added: 0003884 | |
| 2009-09-28 08:38 | timn | Note Added: 0003885 | |
| 2009-11-15 14:33 | Christian Grothoff | Note Added: 0003892 | |
| 2009-11-15 14:37 | Christian Grothoff | Status | new => assigned |
| 2009-11-15 14:37 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2009-11-15 14:37 | Christian Grothoff | Status | assigned => acknowledged |
| 2009-11-15 15:58 | timn | Note Added: 0003902 | |
| 2010-07-26 20:10 | Christian Grothoff | Note Added: 0004076 | |
| 2010-07-26 20:10 | Christian Grothoff | Status | acknowledged => resolved |
| 2010-07-26 20:10 | Christian Grothoff | Resolution | open => fixed |
| 2010-07-26 23:33 | Christian Grothoff | Status | resolved => closed |