From: James Cameron <james.cameron@hp.com>
To: linux-ppp@vger.kernel.org
Subject: Re: ppp 2.4.4 eap-tls patch
Date: Tue, 25 Jul 2006 23:03:08 +0000 [thread overview]
Message-ID: <20060725230308.GA5193@hp.com> (raw)
In-Reply-To: <44C5F014.40202@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2007 bytes --]
On Tue, Jul 25, 2006 at 01:31:53PM +0200, Marco d'Itri wrote:
> On Jul 25, James Cameron <james.cameron@hp.com> wrote:
> > Is there any reason why you couldn't use MatrixSSL?
>
> I would hate to see EAP-TLS depend on a niche license.
MatrixSSL is dual licensed, and last I checked the GPL is quite common
rather than being niche. It is unfortunate that it isn't LGPL, and
maybe that will stop the idea.
> I do not think I would enable EAP-TLS in the Debian package in this case
> since it would require pulling the MatrixSSL package in the base system.
Oh, certainly. Debian already has OpenSSL. Hopefully it would be a
build option to choose the appropriate dependency, and so the Debian
packaging would use the OpenSSL.
On Tue, Jul 25, 2006 at 05:17:33PM +0200, Jan Just Keijser wrote:
> - openwrt already provides support for openvpn, which in turn uses
> openssl so why is there a need to switch to matrixssl ?
OpenWrt is used on embedded systems with very low memory, and the
OpenVPN package occasionally cannot be used because of the dependency on
OpenSSL (415183 bytes). MatrixSSL is much smaller (41411 bytes), and is
already included in the base system for use by dropbear, the SSH
implementation.
> conclusion: for now, I won't be bothered to migrate my patch from
> openssl to gnutls or matrixssl any time soon. Others are most welcome to
> try , of course, and I am willing to test any patches that others provide.
No worries, I'll ponder it.
(I'm sensitive to the OpenSSL license because of the problems we had
getting an MPPE implementation accepted into the kernel. An early
implementation used source fragments from OpenSSL. The current
implementation does not use source from OpenSSL, but instead uses the
in-kernel crypto.)
--
James Cameron http://quozl.netrek.org/
HP Open Source, Volunteer http://opensource.hp.com/
PPTP Client Project, Release Engineer http://pptpclient.sourceforge.net/
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2006-07-25 23:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-25 10:19 ppp 2.4.4 eap-tls patch Jan Just Keijser
2006-07-25 11:04 ` James Cameron
2006-07-25 11:31 ` Marco d'Itri
2006-07-25 11:46 ` Jan Just Keijser
2006-07-25 15:17 ` Jan Just Keijser
2006-07-25 15:20 ` Marco d'Itri
2006-07-25 23:03 ` James Cameron [this message]
2006-07-25 23:07 ` Marco d'Itri
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060725230308.GA5193@hp.com \
--to=james.cameron@hp.com \
--cc=linux-ppp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.