MySQL Lists are EOL. Please join:

List:Internals« Previous MessageNext Message »
From:Clint Byrum Date:August 2 2017 3:16pm
Subject:Re: yaSSL replacement plan
View as plain text  
There is a minority position (mostly Debian) that you actually cannot
link OpenSSL and MySQL because the licenses are not compatible. But either
way, the official binaries are statically linked and that is a more clear
cut case where the end product would be under two incompatible licenses
and in violation of the system library exception to the GPL (and AFAIK,
there are more copyright holders than Oracle in MySQL's code base these
days, so they can't just violate the license with impunity).

But statically linking WolfSSL in and distributing would be fine, as
they have the same license (GPLv2).

So what I suggest is that MySQL engineering merge that patch, remove
old and busted yaSSL from the tree, and distribute their binaries with
WolfSSL statically linked.

Excerpts from Steven Danneman's message of 2017-08-01 17:51:17 -0700:
> Clint,
> 
> I can always build from source and link OpenSSL. And I know there is a
> WolfSSL patch available at:
> 
> https://github.com/wolfSSL/mysql-patch
> 
> My question is, when will the official MySQL Community Edition provided
> binaries, which are also provided in many distros, ship with a yaSSL
> replacement built in?
> 
> Steven Danneman
> Security Engineer
> Security Innovation | Seattle, WA
> 
> On 08/01/2017 05:00 PM, Clint Byrum wrote:
> > It should work fine with WolfSSL: 
> >
> > https://wolfssl.com/wolfSSL/Home.html
> >
> > Perhaps don't vendor it, and just depend on it?
> >
> > Excerpts from Steven Danneman's message of 2017-08-01 16:28:10 -0700:
> >> Hello,
> >>
> >> The MySQL Community Edition TLS implementation (yaSSL) is getting
> >> outdated, and lacking in support for several newer features like TLS1.2.
> >> I believe further development on yaSSL has ceased, and so it seems that
> >> a full replacement of the library is necessary to stay up to date with
> >> secure TLS best practices.
> >>
> >> Are there plans for updating the TLS library used in the Community
> >> Edition? If so what's the new targeted library and release candidate?
> >>
> >> Thanks,
> >>
Thread
yaSSL replacement planSteven Danneman1 Aug
  • Re: yaSSL replacement planClint Byrum2 Aug
    • Re: yaSSL replacement planSteven Danneman2 Aug
      • Re: yaSSL replacement planClint Byrum2 Aug