Add libreSSL to oe-core?

[Randy MacLeod <randy.macleod@windriver.com>]

Should oe-core add libressl as an alternative to openssl and other
OE SSL/TLS implementations?

We had a request from a customer to add LibreSSL so I was wondering
about the plans of the Yocto community and indeed of the larger Linux
distro community.

Libressl claims (aims?) to be  a more stable, secure TLS implementation
then OpenSSL. It was initially only for OpenBSD but it supports a
variety of platforms now:
    http://www.libressl.org/releases.html
The CVE history enthusiastically summarized on Wikipedia:
    https://en.wikipedia.org/wiki/LibreSSL
does indicate that libressl has been vulnerable to fewer CVEs than
openssl so far. I quickly reviewed:
    https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
but perhaps someone on the list has more direct experience, knowledge
and/or opinions of implementations of TLS? Note that the libressl devs
has stated that they have no interest in FIPS 140-2 certification:
    http://marc.info/?l=openbsd-misc&m=139819485423701&w=2
so that could be a problem for some users.


Other than Arch, and openSUSE Factory build, it seems that no
major linux distro has added libressl:
    http://pkgs.org/search/libressl

An OE libressl recipe is not current indexed:
 
http://layers.openembedded.org/layerindex/branch/master/recipes/?q=libressl

If I search more broadly:
    http://layers.openembedded.org/layerindex/branch/master/recipes/?q=ssl

I see that the OE community does have recipes for:
   gnutls, nss, polarssl (now mbed TLS) and wolfssl.

So what do you think of libressl?

-- 
# Randy MacLeod. SMTS, Linux, Wind River
Direct: 613.963.1350 | 350 Terry Fox Drive, Suite 200, Ottawa, ON, 
Canada, K2K 2W5