[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7944) Apples Common Crypto Services instea of OpenSSL

gabriel@gritsch-soft.com wrote:
> Full_Name: Gabriel Gritsch
> Version: 2.4.39
> OS: Mac OS X 10.9.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> Hi all,
> would it be possible to support Apples "Common Crypto Services" instead of
> OpenSSL because the OpenSSL-functions are marked as deprecated since OS X 10.7
> and produce a lot of warnings.

If someone submits a patch for this we will of course review and consider it. 
But in general, it sounds like a bad idea. In light of Apple's now-infamous 
"goto fail" bug 
it would be poor practice to migrate away from a security package that is now 
receiving broad and in-depth scrutiny, to one that only has Apple's assurances 
behind it. Also given Apple's success rate with security in general 
it seems like a poor choice.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/