GnuTLS (libgrypt really) and Postfix

Victor Duchovni Victor.Duchovni at MorganStanley.com
Tue Feb 14 12:47:42 EST 2006


On Tue, Feb 14, 2006 at 12:44:39PM +1000, James A. Donald wrote:

> Absent exception handling, mission critical tasks should have no
> exceptions, which is best accomplished by the die-on-error standard.
> 

Absent good library design, the developer's goals are best accomplished
with the roll-your-own standard.

If the authors of libgrypt instead of saying "sorry, we know, it is a
difficult problem, we are working on it", instead become defensive and
erect false dichotomies to defend the developer from his own folly, I
can add libgrypt to my list of tools to avoid when building large systems.

As I said before, Postfix does not use GnuTLS directly, rather it is
sometimes a victim of libgrypt design via GnuTLS imbedded in the system
LDAP library.

The current libgrypt is IMHO not suitable for linking into LDAP libraries,
database client-server communication libraries, SMTP servers...

As for Postfix, it does entropy gathering out-of-process (in the tlsmgr(8)
daemon). The SMTP server and client daemons get entropy indirectly from
tlsmgr(8) to seed their internal PRNG. Postfix uses OpenSSL, and error
conditions in OpenSSL are recoverable (Postfix can and will return 454 in
response to STARTTLS, fatal errors are not appropriate in this context).
Postfix makes use of error reporting hooks in MySQL, PgSQL, SASL, OpenSSL,
(non-GnuTLS) OpenLDAP... none of these have been reported to abruptly
terminate the calling process instead of reporting errors to the caller.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list