Howard Chu, If you allow me to ask you something about gnutls directly, do you still stand behind the statement you made here, http://www.openldap.org/lists/openldap-devel/200802/msg00072.html i know it's out of date but you said 'the code is fundamentally broken'. I'm not knowledged about the internals of gnutls but i am very cusious if you changed your mind since then.
It's funny you ask... There was a spirited debate with one of the GnuTLS author's a while back about this, as they blogged that Howard was incorrect. Howard pointed out on the blog (<http://nmav.gnutls.org/2011/05/is-really-gnutls-considered-harmful.html>) that he was in fact still correct, and gave examples. After which the GnuTLS author deleted the entire conversation off of his blog, and locked it down. That, to me, says worlds about how "safe" one can consider GnuTLS.
--Quanah -- Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration