nettle support? (was: Re: Unbound 1.5.7 release)

Robert Edmonds edmonds at debian.org
Mon Jun 27 16:12:56 UTC 2016


W.C.A. Wijngaards via Unbound-users wrote:
> - Fix #594. libunbound: optionally use libnettle for crypto.
>   Contributed by Luca Bruno.  Added --with-nettle for use with
>   --with-libunbound-only.

Hi,

I've received a request to enable this by default in the Debian package
of libunbound:

    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828699

    Currently, GnuTLS cannot be compiled with DANE support as that would
    require linking against libunbound2; that is unsuitable since
    libunbound2 links against OpenSSL.  As of unbound 1.5.7, compiling
    against libnettle is supported for libunbound2.  Doing so would allow
    GnuTLS (and other GPL-licensed software) to make use of libunbound2.
    Could you please do so?

Before I do that, I'd like to determine if the nettle support is
considered production ready, and if so will it be supported long term?
Is there any reason to prefer the current OpenSSL crypto implementation
in Unbound, other than it existing longer?

Thanks!

-- 
Robert Edmonds
edmonds at debian.org



More information about the Unbound-users mailing list