Brainstorm: Qt SSL is based on OpenSSL (C). Why not change to Botan (C++) ?
-
Hello Community,
as far as I know Qt SSL requires OpenSSL. OpenSSL is C.
There is a C++ SSL implementation called Botan. It looks nicer to me.
Since Qt is C++ it would make sense to stick with C++ Libraries as well.
Botan is Apache License 2.0.
The most annoying thing about C code is this: I checked their (OpenSSL and GnuTLS) DTLS examples.
All variables are declared at the top of the function, which forces you to remember their type (if you are not reading the code in an IDE which shows the type in a tooltip). Usage of macros doesn't help since the types are not shown there. Especially, they are polluting the global space with enums and macros. In my opinion C++ libraries cause fewer headaches.
-
This is a discussion more suited for the Qt development mailing list.
I don't think depending on OpenSSL is an issue. It is, after all, an industry standard, regularly patched for better security. And Qt uses it internally so you as a Qt user do not have to bother with interacting with OpenSSL at all. You just link to it and that's it - all Qt network-related code will use secure connections with OpenSSL.
-
@SeppyQT said in Brainstorm: Qt SSL is based on OpenSSL (C). Why not change to Botan (C++) ?:
Commercial products are using OpenSSL too?
Yes.
Doesn't Microsoft have an SSL implementation in their API?
I don't know.
-
I know BoringSSL from Google is an OpenSSL fork.
Is s2n from Amazon based on OpenSSL?
So what SSL Implementations are there which are not based on OpenSSL?
Botan
GnuTLS
MatrixSSL (Now InsideSecure SSL Toolkit)
BouncyCastle
JSSE (Oracle)
mbedTLS
SChannel
NSS (Mozilla)
the one from Apple
-
I don't know, it's not really my area. I know I've used only OpenSSL, and when I had to use the library itself it was quite easy to find/make custom C++ wrappers for it (example: https://github.com/milosolutions/mcrypto).
I don't quite get the purpose and current direction of this conversation anymore. Do you want to replace OpenSSL use in Qt with anything other than OpenSSL? Are you looking for a good crypto library for your own project?
-
Because OpenSSL is an industry standard
-
@SeppyQT said in Brainstorm: Qt SSL is based on OpenSSL (C). Why not change to Botan (C++) ?:
I was wondering why OpenSSL is used in many projects even though there are suitable alternatives for it. Like Botan as a C++ library for C++ projects.
As Konstantin said. And it is an industry standard because:
- history
- it works
- it's stable
- it's been audited multiple times
- people are trying to break it constantly
- and yet it remains secure
-
@SeppyQT said in Brainstorm: Qt SSL is based on OpenSSL (C). Why not change to Botan (C++) ?:
In my opinion C++ libraries cause fewer headaches.
What headaches did you encounter while trying to use SSL in Qt? How will switching from OpenSSL to Botan cure those headaches?
-
I am working on multiple projects (which are connected). One was DTLS GUI and DTLS console.
Now I am trying to build a GUI Cert Manager to partially automate my Certificate creation (for internal use).
Is it possible to create a CA root certificate?
And sign other certs with it?
-
This doesn't have anything to do with Qt. Just read the OpenSSL manuals; it allows you to create a CA and sign certificates with a few simple commands.
-
@SeppyQT said in Brainstorm: Qt SSL is based on OpenSSL (C). Why not change to Botan (C++) ?:
Is it possible to create a CA root certificate?
And sign other certs with it?
Yes, you'll be creating self-signed certificates, so be aware that such certificates are not meant to be used in a public environment, as browsers or tools (i.e. curl) will refuse (at least initially) to create the secure connection.
And with this question it looks like you're slightly moving away from the original topic. Would it be worth creating a new post for that?
-
@SeppyQT said in Brainstorm: Qt SSL is based on OpenSSL (C). Why not change to Botan (C++) ?:
I am working on multiple projects (which are connected). One was DTLS GUI and DTLS console.
Now I am trying to build a GUI Cert Manager to partially automate my Certificate creation (for internal use).
Is it possible to create a CA root certificate?
And sign other certs with it?
I still don't see how switching to Botan will help anyone.
-
One issue for GPLed projects is the licence terms for OpenSSL (at least for the 1.x versions): they include a couple of advertising clauses, which means that it cannot be distributed with something that is licenced with the GPL (either 2.0 or 3.0)! This isn't a new issue: https://bugreports.qt.io/browse/QTBUG-38400 dates from 2014. Yet strangely there is this blog from a KDE person about their experiments with making a Qt wrapper around GnuTLS in 2012: https://blogs.kde.org/2012/01/14/using-gnutls-qtcpsocket .