GPL compatiblity

[EionRobb]

The libpurple plugin that you've written wouldn't be license-compatible with libpurple as libpurple is GPL and ceema uses OpenSSL which has GPL-incompatible licensing terms.

Can OpenSSL be removed from the project so that it can become GPL-compatible?

[hbruintjes]

I think so. It is used for SHA256 hashing and X509 certificate handling ,something other libraries can do as well. The prior may be handled by libsodium (when I was developing it had not yet landed in the Debian release of it, but maybe now it has), the latter perhaps by mTLS/PolarSSL or something along those lines. I'll have to look into it.

[EionRobb]

In terms of libpurple, there's a sha256 cipher you can use, or glib's sha256 checksum

libpurple also has support for certificate handling, though that might not be useful outside of the prpl - it's just a wrapper around NSS and GnuTLS's impl's though

[hbruintjes]

I looked into a bit more, turns out I used OpenSSL because of libcurl. I've added support for using the mbedTLS/cyaSSL variants thereof (since those support setting the CA certificate by callback). Of those two only mbedTLS makes the most sense since its Apache 2 licensed. It all very much depends in which curl library is shipped on the target platform.

[myxor]

Are there any news on this topic?

[hbruintjes]

Unfortunately not. I do not really have the time anymore to work at this project currently

[robert-scheck]

OpenSSL v3.0.0+ (however not v1.1.1 and older) are Apache License v2, thus I'm not sure if replacing OpenSSL by another implementation with the same license (e.g. mbedTLS) makes sense (rather simply keeping the OpenSSL support).