GnuTLS Update [LSARC/2008/341 FastTrack timeout 06/03/2008]

Jeff Cai Jeff.Cai at sun.com
Thu May 29 00:55:42 PDT 2008


On Wed, 2008-05-28 at 12:16 -0500, Nicolas Williams wrote:
> On Wed, May 28, 2008 at 11:44:06PM +0800, Jeff Cai wrote:
> > I'd rather say 'important' is determined on the basis of technical
> > things since the implementation of TLS is in the core library. :)
> 
> "Important" is in the eye of the beholder.  If there are popular apps
> out there that need the libraries you're removing/not shipping, then
> those libraries are "important."
> 
> Rather than have a popularity contest, it might be better to resolve the
> legal issue.  And as for architecture, I agree with the comments that
> the ARC could review cases for including GPLv3 items that are then not
> included with any Sun-based distro of OpenSolaris (nor Solaris Nevada,
> nor any Solaris 10 updates, ...).  That may seem like hair splitting,
> but the i-team could do the integration and packaging work for all of
> GnuTLS and leave the GPLv3'ed components in packages that are integrated
> into the WOS nor published to the IPS repository until the legal
> issues are resolved.

Here, I highlight the extra library which will not be shipped due to the
GPL V3 license restriction.

The extra library contains OpenPGP, TLS/IA support, LZO compression and
the OpenSSL compatibility library.

Compared with 1.6.3, there are some changes in OpenPGP:

The function `gnutls_certificate_set_openpgp_keyserver' has been
removed.  There is no replacement functionality inside GnuTLS.

All functions, types, and error codes related to OpenPGP trustdb
format have been removed.  The trustdb format is a non-standard
GnuPG-specific format, and we recommend you to use key rings instead.
The following have been removed:

 gnutls_certificate_set_openpgp_trustdb
 gnutls_openpgp_trustdb_init
 gnutls_openpgp_trustdb_deinit
 gnutls_openpgp_trustdb_import
 gnutls_openpgp_key_verify_trustdb
 gnutls_openpgp_trustdb_t
 GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED

The following functions have an added parameter of the (new) type
`gnutls_openpgp_crt_fmt_t'.  The type specifies the format of the data
(binary or base64).  The functions are:

 gnutls_certificate_set_openpgp_key_file
 gnutls_certificate_set_openpgp_key_mem
 gnutls_certificate_set_openpgp_keyring_mem
 gnutls_certificate_set_openpgp_keyring_file

To improve terminology and align with the X.509 interface, some
functions have been renamed.  Compatibility mappings exist.  The old
and new names of the affected functions and types are:

 Old name                                 New name
 gnutls_openpgp_key_t                     gnutls_openpgp_crt_t
 gnutls_openpgp_key_fmt_t                 gnutls_openpgp_crt_fmt_t
 gnutls_openpgp_key_status_t              gnutls_openpgp_crt_status_t
 GNUTLS_OPENPGP_KEY                       GNUTLS_OPENPGP_CERT
 GNUTLS_OPENPGP_KEY_FINGERPRINT           GNUTLS_OPENPGP_CERT_FINGERPRINT
 gnutls_openpgp_key_init                  gnutls_openpgp_crt_init
 gnutls_openpgp_key_deinit                gnutls_openpgp_crt_deinit
 gnutls_openpgp_key_import                gnutls_openpgp_crt_import
 gnutls_openpgp_key_export                gnutls_openpgp_crt_export
 gnutls_openpgp_key_get_key_usage         gnutls_openpgp_crt_get_key_usage
 gnutls_openpgp_key_get_fingerprint       gnutls_openpgp_crt_get_fingerprint
 gnutls_openpgp_key_get_pk_algorithm      gnutls_openpgp_crt_get_pk_algorithm
 gnutls_openpgp_key_get_name              gnutls_openpgp_crt_get_name
 gnutls_openpgp_key_get_version           gnutls_openpgp_crt_get_version
 gnutls_openpgp_key_get_creation_time     gnutls_openpgp_crt_get_creation_time
 gnutls_openpgp_key_get_expiration_time   gnutls_openpgp_crt_get_expiration_time
 gnutls_openpgp_key_get_id                gnutls_openpgp_crt_get_id
 gnutls_openpgp_key_check_hostname        gnutls_openpgp_crt_check_hostname
 gnutls_openpgp_send_key                  gnutls_openpgp_send_cert

Interfaces related to the extra library

Exported Interfaces:

         Interface                              Classification
         ---------------                        ---------------
         /usr/lib/libgnutls-extra.so.13.3.0     Volatile
         /usr/lib/libgnutls-openssl.so.13.3.0   Volatile
         /usr/lib/pkgconfig/gnutls-extra.pc     Volatile
         /usr/include/gnutls/extra.h            Volatile
         /usr/include/gnutls/openssl.h          Volatile
         /usr/share/aclocal/libgnutls-extra.m4  Volatile

Imported Interface:

         Interface                              Classification
         ---------------                        ---------------
         /usr/lib/libgcrypt.so.11               Volatile

Jeff
> 
> Nico
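
An added example, not part of the original message and not GnuTLS project code: a small Python audit that flags uses of the removed, renamed and changed-signature OpenPGP identifiers listed above in C source, so callers can be found before moving off 1.6.3. The sample source, its file names, host name and argument lists are constructed for illustration.

```python
import re

# Identifier lists transcribed from the message above (changes since GnuTLS 1.6.3).
REMOVED = set("""gnutls_certificate_set_openpgp_keyserver
gnutls_certificate_set_openpgp_trustdb gnutls_openpgp_trustdb_init
gnutls_openpgp_trustdb_deinit gnutls_openpgp_trustdb_import
gnutls_openpgp_key_verify_trustdb gnutls_openpgp_trustdb_t
GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED""".split())
NEW_PARAM = {"gnutls_certificate_set_openpgp_" + s
             for s in ("key_file", "key_mem", "keyring_mem", "keyring_file")}
# Explicit suffix list: key_verify_trustdb is removed, not renamed, so no blanket rule.
RENAMED = {"gnutls_openpgp_key_" + s: "gnutls_openpgp_crt_" + s for s in """t fmt_t
status_t init deinit import export get_key_usage get_fingerprint get_pk_algorithm
get_name get_version get_creation_time get_expiration_time get_id
check_hostname""".split()}
RENAMED.update({"GNUTLS_OPENPGP_KEY": "GNUTLS_OPENPGP_CERT",
                "GNUTLS_OPENPGP_KEY_FINGERPRINT": "GNUTLS_OPENPGP_CERT_FINGERPRINT",
                "gnutls_openpgp_send_key": "gnutls_openpgp_send_cert"})

# Comments and string literals are blanked so that only real code is reported.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def audit(source):
    """Return (line, identifier, finding) tuples, in line order, for C source text."""
    # Blanking keeps newlines, so reported line numbers match the input.
    code = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for name in _IDENT.findall(line):  # whole identifiers, never substrings
            if name in REMOVED:
                findings.append((lineno, name, "removed in this update"))
            elif name in NEW_PARAM:
                findings.append((lineno, name, "now takes gnutls_openpgp_crt_fmt_t"))
            elif name in RENAMED:
                findings.append((lineno, name, "renamed to " + RENAMED[name]))
    return findings

# Constructed sample of pre-upgrade application code (hypothetical names and arguments).
SAMPLE = '''\
/* old code used gnutls_openpgp_trustdb_init here */
gnutls_openpgp_key_t key;
gnutls_openpgp_key_init(&key);
gnutls_certificate_set_openpgp_key_file(cred, "pub.asc", "sec.asc");
gnutls_certificate_set_openpgp_keyserver(cred, "keys.example.org", 11371);
int my_gnutls_openpgp_key_init_wrapper(void);
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s: %s" % finding)
```

Renamed identifiers still build through the compatibility mappings, so those findings are cleanup items; removed identifiers and the four functions with the added format parameter need code changes.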