On SSL library support

Michael Stahl mstahl at redhat.com
Fri May 4 03:09:15 PDT 2012


On 04/05/12 02:30, Patrick McCarty wrote:
> Hello,
> 
> Due to a license conflict with a project I was working on, I had the
> task of building LibreOffice without OpenSSL support.

hi Patrick,

yes imho the OpenSSL license is annoying (perhaps the only still widely
used library with that obnoxious advertising clause).

> To accomplish this, I replaced the relevant code from the OOX module
> that uses the OpenSSL API (from oox/source/core/filterdetect.cxx) to use
> the NSS API instead, and made some makefile adjustments to get things
> compiling and linking properly.  The other system dependencies of
> LibreOffice that use OpenSSL by default were compiled to use NSS or
> GnuTLS instead (e.g. curl, neon, and gnome-vfs2), so I didn't have to
> worry about any "indirect" dependencies on OpenSSL.

that sounds great, can't wait to see your patches!

> I realize that a more appropriate solution would be to conditionally
> compile the two code paths using WITH_OPENSSL and WITH_NSS after adding
> configure flags (--with-openssl and --with-nss) so that packagers can
> select the preferred SSL library.

> Is there any interest in adding this type of multiple/fallback SSL
> library support to LibreOffice?

i don't really get the point of supporting 2 different crypto libraries
(given that we don't really offer anything in terms of re-usable
libraries ourselves here, we just ship an application that needs crypto
stuff done); it just seems to add additional complexity, and bloat to
the installation sets, and we have to keep 2 different bundled libraries
that do the same thing up to date with security fixes etc.

of course replacing OpenSSL dependencies with GnuTLS doesn't help in
that regard, it only helps with the licensing issues you have.

seems the Fedora project is standardizing on NSS for crypto applications:

http://fedoraproject.org/wiki/FedoraCryptoConsolidation

there is also a compatibility library that wraps an OpenSSL-like
interface around NSS, that could perhaps be useful to ease the migration:

http://fedoraproject.org/wiki/Nss_compat_ossl

regards,
 michael

