Re: (ITS#7944) Apple's Common Crypto Services instead of OpenSSL



gabriel@gritsch-soft.com wrote:
> Full_Name: Gabriel Gritsch
> Version: 2.4.39
> OS: Mac OS X 10.9.5
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (46.234.244.166)
>
>
> Hi all,
>
> would it be possible to support Apple's "Common Crypto Services" instead of
> OpenSSL because the OpenSSL-functions are marked as deprecated since OS X 10.7
> and produce a lot of warnings.

If someone submits a patch for this we will of course review and consider it. 
But in general, it sounds like a bad idea. In light of Apple's now-infamous 
"goto fail" bug 
http://www.zdnet.com/apples-goto-fail-tells-us-nothing-good-about-cupertinos-software-delivery-process-7000027449/ 
it would be poor practice to migrate away from a security package that is now 
receiving broad and in-depth scrutiny, to one that only has Apple's assurances 
behind it. Also given Apple's success rate with security in general 
http://online.wsj.com/articles/apple-celebrity-accounts-compromised-by-very-targeted-attack-1409683803 
it seems like a poor choice.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/