On Friday, 22 Mar 2002, Adam wrote:
> > I only have a small editorial nit. I was about to jump all over this
> > about the ssl support. I was *assuming* that you were linking with
> > OpenSSL, which causes MANY GPL-related problems. (I wanted to incorporate
> > some of the code from ssldump to decode data inside of SSL streams, if the
> > private keys of the certificates used were available, but couldn't get
> > around the licensing issues)
>
> Mind if I ask what sort of problems? From a quick look at the OpenSSL web site
> it seems like mixing GPL and OpenSSL is OK
>
> http://www.openssl.org/support/faq.html#LEGAL2
Well, without going and looking it up again, I believe this was the
situation: You can link Ethereal with OpenSSL only on platforms that
ship OpenSSL by default. Otherwise, OpenSSL would be "tainted" by
the GPL. So, since I can only tell whether OpenSSL is present, and
*not* if it is normally shipped with the OS, I didn't move forward.
Please, any legal gurus out there: Did I interpret the problem
correctly? Or, if OpenSSL is present, can we use it?
>
> > Anyway, please stop using the word SSL, and change it to HAVE_MD5, since
> > all you're doing is using MD5.
> >
> > Also, there are several free places to find MD5 and HMAC_MD5 source code.
> > You might, instead of relying on a library, simply use one and remove the
> > ifdef completely.
>
> Except that the way I envisioned it, the patch would be just a warm-up for
> more complete crypto support elsewhere. In this particular case in LEAP.
> That would be at least M4,M5,DES,HMAC.
>
> Besides, I would hate to see Ethereal trying to *duplicate* every single
> package out there in existence. Code reuse is a good thing.
Ok. I understand your reasoning.
>
> If not OpenSSL, then how about the SSL stuff from Mozilla? Aren't they LGPL?
I don't have a clue.
--
David Frascone
The way to a man's heart is through the left ventricle.