Patch for OpenLDAP to use gnutls instead of OpenSSL (ITS#2628)

Full_Name: Steve Langasek
Version: 2.1.17
OS: Debian GNU/Linux
URL: ftp://ftp.openldap.org/incoming/gnutls-2.1.17.patch
Submission from: (NULL) (

The submitted patch adds support for OpenLDAP to use gnutls as a preferred TLS
implementation instead of OpenSSL/SSLeay.  The patch is motivated by licensing
concerns; Debian understands that the terms of the GPL do not let us ship GPL
applications linked against GPL-incompatible libraries when both are components
of the operating system, and that certain terms of the OpenSSL license are
incompatible with the GPL in jurisdictions where those license terms are
enforceable.  Since LDAP support is increasingly important for many Linux
applications, many of which are GPLed, a GPL-compatible libldap is needed, and
we see this port as the best way to accomplish that.

The portions of the patch which touch existing files are made available under
the terms of version 2.7 of the OpenLDAP Public License, where copyright can
even be asserted (I believe most of these changes are so trivial as to be
ineligible for copyright protection).  As noted on the mailing list, the license
on the wholly original files in the patch (include/ldap_pvt_gnutls.h,
libraries/libldap/gnutls.c) is LGPL.  I understand this license causes some
concern, and would point out that there are already files in the OpenLDAP
distribution (config.sub, config.guess) that are GPLed and that the autoconf
test can easily be reversed to give preference to OpenSSL.  If you still have
issues with the license, please don't hesitate to discuss with me, however.