GNU TLS is problematic, switch back to OpenSSL
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neon27 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: libneon27-gnutls
As of Intrepid, it seems that a decision was made to compile packages requiring SSL / TLS support with GNU TLS instead of OpenSSL. This can cause problems for users in ordinary situations, e.g. see
http://
Although the GNU TLS developers' position on this is technically correct, it's unhelpful and somewhat pedantic.
Since the Ubuntu philosophy is more one of "make it work" (c.f. support for non-OSS drivers) rather than aligned with the FSF's purist stance, it would make sense to switch back to using OpenSSL as the SSL library for standard packages. Not only is it more mature and robust than the GNU package, it allows users to make decisions ... for example, svn built with OpenSSL will prompt the user as to whether or not to accept a certificate in which the digitalSignature flag is unset, rather than refusing to run.
dave@bowmore:
Linux bowmore 2.6.27-7-generic #1 SMP Tue Oct 14 18:38:59 UTC 2008 x86_64 GNU/Linux