Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-432

Use GnuTLS for Windows builds instead of Schannel

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: N/A
    • Labels:
      None

      Description

      Since Schannel is closed source, it can be pretty difficult to debug when it doesn't work properly. CONC-417 / MDEV-13492 is an example of a bug with an unknown cause that has been very difficult to debug.

      We may want to consider using a different TLS library than Schannel.

      We can't use OpenSSL in MariaDB Connector/C's packages right now, because OpenSSL's custom license is incompatible with MariaDB Connector/C's LGPL license. There are plans to relicense OpenSSL with the Apache License 2.0, which would allow us to use it in MariaDB Connector/C's packages, but that process has not been completed.

      In contrast, GnuTLS is already licensed as LGPL, so it can be used in MariaDB Connector/C's packages already.

      If we moved from Schannel to GnuTLS on Windows, some potential changes are listed below.

      Losses:

      Gains:

      • MariaDB Connector/C doesn't support password-protected private keys when built with Schannel, but it does support them when built with GnuTLS.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              georg Georg Richter
              Reporter:
              GeoffMontee Geoff Montee
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: