On Thu, 22 May 2003, Stephen Frost wrote:
> I notice that you had OpenSSL support and later added GNUTLS support,
> which I appriciate and think is great. I was wondering if the people
> who did the work of adding GNUTLS support have any notes on how it was
> done, how difficult it was to add that support and any feelings on how
> good GNU TLS is?
I was sent a patch for GnuTLS support by one of the GnuTLS developers. I
installed GnuTLS on my workstation and tried out Exim with the patch. I
then spent a bit of time tidying up the code and sorting out the rough
edges. (The creator of the original patch, obviously, wasn't an Exim
internals expert.) However, I am not a GnuTLS expert (nor indeed an
OpenSSL expert). I haven't any experience of running either of them for
real.
The actual mechanics of the addition were reasonably straightforward,
because all the TLS stuff in Exim is in one source file. There are now
two subsidiary files that are included by this file - one for OpenSSL
and one for GnuTLS. My recollection is that the documentation for GnuTLS
was a bit more existant than for OpenSSL.
I hope this is helpful.
Philip
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book