Closed by dimkr 10 years ago
SSL tunneling isn't good enough, because it won't work in some cases (e.g. SMTP servers with STARTTLS). Also, tunneling is not transparent - I don't want to add a wrapper for each application, which runs a tunneling tool. Moreover - the user has to configure the application so it uses localhost - e.g. the mail server is localhost, not a remote server. Not very user-friendly.
I started working on axTLS support in Dillo - the SSL compatibility layer isn't good enough and Dillo's https module is way too big. I #ifdefed the whole thing and now I'm debugging segfaults. Dillo's over-complicated multi-process design makes it extremely hard to debug.
EDIT: just got it to work - I can surf to Google, but not to GitHub because of some certificate-related issue.
Working on integration of LibreSSL, which saw its first Linux-compatible release. I patched it so it works against musl and even sent a pull request to upstream, but static linking is very problematic, because pretty much every package that depends on OpenSSL assumes libssl is linked with libcrypto.
axTLS has a demo that is close to stunnel.