[Privoxy-devel] HTTPS filtering in Privoxy

Fabian Keil fk at fabiankeil.de
Tue Jun 2 10:03:20 UTC 2020


Vašek Švec <va.svec at gmail.com> wrote:

> My decision to use LibreSSL was based on the recommendation of one
> teacher in my university. I was checking the license and I didn't find
> any reason not to use it, but I'm not very good at licenses. I've chosen
> this library also because it supports the SubjectAlternativeName parameter
> in generated certificates, so web browsers mark them as valid. It also
> supports ALPN for HTTP/2. If it's not possible to use it due to license,
> do you have any preferred crypto library, which would support
> SubjectAlternativeName and which could be used instead?

Privoxy's git version sets the "Subject Alt Name" extension using mbedTLS:
https://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff;h=eb2f24ac4eec86dff73194c4bc6a5f95dc66a007

The license conflict between the OpenSSL license and the GPL
is described here:
https://people.gnome.org/~markmc/openssl-and-the-gpl.html

It doesn't mean the LibreSSL support can't be legally added
but it means that legal distribution of binaries with
LibreSSL support enabled is limited to platforms that include
LibreSSL in the base system so the "special exception" from
section 3 of the GPLv2 applies.

One obvious example of such a platform is OpenBSD but of
course most Privoxy users that rely on distributed binaries
use different platforms.

One other TLS library that could be used is GnuTLS but
adding support for more libraries also complicates testing
and we currently have no automated tests for the TLS/SSL
code (and many other parts of Privoxy) ...

Fabian