Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSL or CDSA for Portable TLS?

Posted by Cliff on from the minimizing-work-at-the-source-level dept.

bfrog asks: "I'm looking for a portable C/C++ client & server TLS library for Windows, Linux, Solaris, and Mac OS X. The license must be commercial-code-friendly. It seems like the choices are: the old standby OpenSSL; or CDSA . Apple makes a convincing argument for CDSA over OpenSSL in this PDF document , but I'm having trouble finding a mature CDSA implementation that's ready to go on all of these platforms. Perhaps I should use the best CDSA implementation for each given platform, and hope that the API's are compatible. That is, after all, the point of CDSA, right? Any suggestions?"

11 comments

  1. Go with OpenSSL . . . by edward.virtually@pob · · Score: 2, Insightful

    CDSA is another attempt by Apple to drain developers and users from truely open solutions, gaining them free development work on the one hand and lock-in on the other.

    1. Re:Go with OpenSSL . . . by norwoodites · · Score: 2

      Actually it is Intel that is doing it, as Apple's source is based on Intel's.

    2. Re:Go with OpenSSL . . . by Apathy+costs+bills · · Score: 1

      Well, Intel and Apple. Notice that the license is "OSI approved" rather than GPL? This means that code contributed to the CDSA can be pulled into closed source projects, unlike OpenSSL code which must remain free.

      Avoid at all costs, I say.

      --
      Kill Trolls Dead. Here's
  2. Mozilla NSS? by akeru · · Score: 1

    Have you considered using the mozilla security libs? I know they are cross platform for one and I'm pretty sure you can just use them without linking to the entire beast. (Evolution uses NSS for S/MIME, SSL and TLS)

    --

    Let's hope that there's intelligent life somewhere out in space 'Cause there's bugger-all down here on Earth.

    1. Re:Mozilla NSS? by kriston · · Score: 1

      I'm working on using NSS for a web server SSL module project. It was brought to my attention by someone that OpenSSL is good for a web server but not for a web server or web client that needs to support client certificate chaining and online certificate revocation checking. Those two requirements are on the hot list of this project.

      The only think about NSS that worries me is the Netscape Portable Runtime part and how well it works with our own threaded runtime.

      Kris

      --

      Kriston

  3. Any suggestions? by Anonymous Coward · · Score: 0

    Nope. I don't even know what you're talking about.

    Hope that helps!

  4. Another vote for OpenSSL by WasterDave · · Score: 2

    Doesn't look like a very convincing case to me.

    Dave

    --
    I write a blog now, you should be afraid.
    1. Re:Another vote for OpenSSL by bfrog · · Score: 1

      Why not? A simplified API. Better certificate management (which is a pain). Theoretically portable API.

      Can you be more specific why OpenSSL is better?
      thanks.

  5. that's FUD or you're lazy by bfrog · · Score: 1

    I linked to an open source CDSA project on Freshmeat, which you're too lazy to look at. That, or you're simply spreading FUD. To save you the effort of clicking, the CDSA 2 project supports the following operating systems according to Freshmeat:.

    Operating System :: Microsoft, Microsoft :: Windows, Microsoft :: Windows :: Windows 95/98/2000, Microsoft :: Windows :: Windows NT/2000, OS Independent, POSIX, POSIX :: AIX, POSIX :: HP-UX, POSIX :: Linux, Unix

  6. Article Author Says . . . by edward.virtually@pob · · Score: 1

    "I'm having trouble finding a mature CDSA implementation that's ready to go on all of these platforms." This would suggest that usable multi-platform support does not actually exist, despite the "CDSA 2" project page on freshmeat claims to the contrary.