If, hypothetically, Fred decided to add TLS/SSL support to PB and assuming he would utilize an existing implementation ...
Which of the implementations listed in the following link would make most sense considering: licensing, development activity, library size, quality, etc. ?
http://en.wikipedia.org/wiki/Comparison ... mentations
Others?
TLS/SSL implementations for PB ?
- IdeasVacuum
- Always Here

- Posts: 6426
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: TLS/SSL implementations for PB ?
Well, you can see from the tables that none of them are perfect. A lib for PB must permit commercial use and if royalty payments are required, we need to know up-front what they are. The most annoying thing is that some of these developers do not publish prices, they want to put a price on your app.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Re: TLS/SSL implementations for PB ?
I've used OpenSSL and afterwards GnuTLS with PB and in my opinion GnuTLS is the way to go.
Without using threads I had success with both. But while I had serious trouble finding even one useful example of how to use mutexes the right way for OpenSSL, GnuTLS is almost thread-safe out of the box. There are a lot of OpenSSL examples, but most stop at the very first steps or just use "fork()" from Linux, which is something completely different from threads and not helpful if you want to use it on Windows afterwards (or with PB on Linux). With GnuTLS just a few global init or deinit functions (like "gnutls_global_deinit") have to be used with care if you use threads, but that's really OK and makes sense.
At the time when I implemented SSL and compared both, GnuTLS already supported newer TLS versions (> 1.0) while OpenSSL was a few versions behind. In the meantime OpenSSL also supports TLS versions > 1.0 as far as I know, so this should not be an issue anymore.
GnuTLS seems to have become more and more of a standard and replacement in the Linux world because it uses the LGPL and it seems distributors don't like the (liberal but non-GPL-compatible) OpenSSL license.
OpenSSL seems to include some cipher that might or might not be an issue regarding patents. The OpenSSL FAQ tells you to consult a lawyer regarding that and even gives a hint on how to exclude it (if you build it yourself). Every Linux distro that I've checked so far followed that exclude hint and used the suggested "./config no-idea no-mdc2 no-rc5". In fact I've never found any OpenSSL on any Linux distro that included it. However, if you are not on Linux this does not help you at all ... so if you don't like that question you have to "consult a lawyer" or "compile your own OpenSSL binaries" with that exclude yourself for Windows.
OpenSSL on the other hand supports some BIO that could come in handy if you want to avoid using PB's network functions. Why would you do that? Because it's pretty hard to separate incoming connection events from incoming data events, because select() and accept() are not separate functions on the server side of PB's network functions. Both are checked together by NetworkServerEvent(). Could be handy in some cases ... could be pretty annoying if you are using threads. But anyway it was easier for me to figure out how to use Berkeley sockets and GnuTLS than how to use OpenSSL in a thread-safe way.
Greetings,
auser
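Added example, not part of auser's post and not code from the OpenSSL project: a shell check that a given OpenSSL build really was configured with the "no-idea no-mdc2 no-rc5" excludes mentioned above, which is what you would want to confirm before shipping self-compiled Windows binaries. It assumes OpenSSL 1.1.0 or later, where `openssl list -disabled` exists; the function names and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: listing from a build configured with no-idea no-mdc2 no-rc5.
SAMPLE_EXCLUDED='Disabled algorithms:
IDEA
MD2
MDC2
RC5
SSL3'

# Constructed sample: listing from a build where IDEA and MDC2 were left in.
SAMPLE_INCLUDED='Disabled algorithms:
MD2
RC5
SSL3'

# Reads `openssl list -disabled` output on stdin and prints, space separated,
# which of IDEA, MDC2 and RC5 are NOT listed as disabled (still compiled in).
excluded_algos_still_enabled() {
    disabled=$(tr -d '\r' | tr '[:lower:]' '[:upper:]')
    enabled=""
    for algo in IDEA MDC2 RC5; do
        # -x matches the whole line, so a longer name cannot satisfy the check.
        if ! printf '%s\n' "$disabled" | grep -qx "[[:space:]]*$algo[[:space:]]*"; then
            enabled="$enabled $algo"
        fi
    done
    printf '%s\n' "${enabled# }"
}

# Returns 0 when all three algorithms are disabled, 1 otherwise.
check_build() {
    left=$(excluded_algos_still_enabled)
    if [ -n "$left" ]; then
        echo "still enabled: $left"
        return 1
    fi
    echo "IDEA, MDC2 and RC5 are all disabled"
}

# Against a real binary: openssl list -disabled | check_build
printf '%s\n' "$SAMPLE_EXCLUDED" | check_build || true
printf '%s\n' "$SAMPLE_INCLUDED" | check_build || true
```

Run it against the exact `openssl` executable that ships next to the libraries you link, since a system-wide binary may come from a different build.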
- IdeasVacuum
Re: TLS/SSL implementations for PB ?
That's good insight auser.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Re: TLS/SSL implementations for PB ?
You can also try to use libcurl to send SMTP mails supporting OpenSSL and therefore SSL/TLS connections. I believe you can find such code in the forum by searching for libcurl.
If not, you can drop me a PM and I can send you some snippet from our implementation for SMTP with libcurl.
Kukulkan
- IdeasVacuum
Re: TLS/SSL implementations for PB ?
...watch out for some of the procedures posted that convert Unicode to ASCII, because your text source may include Unicode chars that are not represented in ASCII.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
- RichAlgeni
- Addict

- Posts: 935
- Joined: Wed Sep 22, 2010 1:50 am
- Location: Bradenton, FL
Re: TLS/SSL implementations for PB ?
@auser, could you post your GnuTLS wrapper please?
Thanks!
