[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] Red Hat/Fedora systems, OpenSSL and libevent



On Mon, Oct 3, 2011 at 4:18 PM, Oscar Koeroo <okoeroo@xxxxxxxxx> wrote:
> Hi,
>
> This is a bit a licensing question. Might not be the most popular topic, but
> I'll give it a shot.
>
> Currently the recent Fedora Core's and Red Hat Enterprise 6 force libnss-ssl
> on the software. Even libcurl is not made available in various SSL flavors,
> like on other platforms, e.g. Debian and OpenSuse have a preference, but
> offer alternative builds.

For more background, folks should see
http://fedoraproject.org/wiki/FedoraCryptoConsolidation and
http://fedoraproject.org/wiki/CryptoConsolidationEval

> I wondered if libevent would suffer similar restrictions or pushes from Red
> Hat to use libnss in favor of OpenSSL to be adopted in the main repos. What
> are your views and understandings in this regard?

I've heard nothing from Fedora in this regard.

I'd expect that most distributions would want to package libevent
separately from the libevent_openssl: that's why they build separate
libraries.  I have not tested libevent_openssl with libssl-nss; it
would be interesting to see how well it works.  I'd expect that using
sockets directly would work fine, but the filtering bufferevent
support might need more work.

> For our line of work we depend upon OpenSSL heavily, hence my inquiry about
> the matter. We also extend OpenSSL in some places and for our specific use
> cases.

I also use OpenSSL a bunch, which is why Libevent currently does its
SSL support via OpenSSL rather than NSS.

I've got nothing against NSS, though: I'd like to write (or accept a
patch for!) an NSPR-backed bufferevent implementation at some point.
Libevent is in large part a portability library; it shouldn't force
you to a particular crypto implementation.  In fact, this is why
Libevent's openssl library is called "libevent_openssl" rather then
"libevent_ssl": to leave room for a future libevent_nss,
libevent_gnutls, etc.

I'm not sure how licensing comes into it on our end: Libevent is
licensed under a 3-clause BSD license, which is compatible with nearly
everything.  (OpenSSL has a tricky license, inasmuch as its
advertising clause renders it incompatible with an unamended GPL, but
I don't believe that affects any libevent users who aren't using
OpenSSL.)

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.