I would like to officially announce that at NICE we have been working on a TLS backend for glib using Openssl. This still lives on the wip/openssl branch of glib-networking but hopefully next cycle we will manage to merge it to master.
Why are we not using the gnutls that is already implemented? There are a few reasons for it:
- We needed TLS support on Windows. You may say, but gnutls is built on windows with mingw! Well, we are using Visual Studio and it does not build with it.
- Our product has to run at least on RHEL 6, which means, we would have needed to port the current gnutls backend to the old version shipped there, it would have been possible but at the end of the day we wanted to have the same code base on both platforms.
- We depend also on cyrus-sasl which already depends on openssl, so we didn’t want to ship two TLS backends and have twice the bugs.
During the time that I spent implemented this backend I came to the conclusion that TLS is really hard! And it would have been harder if glib-networking didn’t have all those great unit tests. Thanks to all the people that wrote them.