[PATCH] Libressl

[PATCH] Libressl

[Andreas Enge]

[-- Attachment #1: Type: text/plain, Size: 441 bytes --]

Hello,

the attached patch adds libressl. As you can see, it is quite a bit simpler
than the openssl package, which already inspires confidence. I think we
should add the package; the next question would be whether we should switch
all inputs from openssl to libressl. I tried it for fetchmail, and it works
just the same.

I also wonder whether we should not unite gnutls.scm and openssl.scm into
one tls.scm.

What do you think?

Andreas


[-- Attachment #2: 0001-gnu-Add-libressl.patch --]
[-- Type: text/plain, Size: 2244 bytes --]

From 5e84bb645666deb410181cf24501c449597ebc4c Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Mon, 15 Jun 2015 13:45:34 +0200
Subject: [PATCH] gnu: Add libressl.

* gnu/packages/openssl.scm (libressl): New variable.
---
 gnu/packages/openssl.scm | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/openssl.scm b/gnu/packages/openssl.scm
index dec51a1..0185d45 100644
--- a/gnu/packages/openssl.scm
+++ b/gnu/packages/openssl.scm
@@ -113,4 +113,38 @@ servers or clients for more complicated applications.")
     (license (package-license perl))
     (home-page "http://search.cpan.org/~mikem/Net-SSLeay-1.66/")))
 
-
+(define-public libressl
+  (package
+    (name "libressl")
+    (version "2.2.0")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append
+             "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-"
+             version ".tar.gz"))
+      (sha256 (base32
+               "0h1haqb4y39p1zihwvnr1ib0zfq5bcqfnbj5jm9l4j2xibrxi44n"))))
+    (build-system gnu-build-system)
+    (native-search-paths
+      ;; FIXME: These two variables must designate a single file or directory
+      ;; and are not actually "search paths."  In practice it works OK in
+      ;; user profiles because there's always just one item that matches the
+      ;; specification.
+     (list (search-path-specification
+            (variable "SSL_CERT_DIR")
+            (files '("etc/ssl/certs")))
+           (search-path-specification
+            (variable "SSL_CERT_FILE")
+            (files '("etc/ssl/certs/ca-certificates.crt")))))
+    (home-page "http://www.libressl.org/")
+    (synopsis "SSL/TLS implementation")
+    (description "LibreSSL is a version of the TLS/crypto stack forked
+from OpenSSL in 2014, with the goals of modernizing the codebase, improving
+security, and applying best practice development processes.")
+    ;; Files taken from OpenSSL keep their license, others are under various
+    ;; non-copyleft licenses.
+    (license (list license:openssl
+                   (license:non-copyleft
+                     "file://COPYING"
+                     "See COPYING in the distribution.")))))
-- 
2.2.1

Re: [PATCH] Libressl

[Mark H Weaver]

Andreas Enge <andreas@enge.fr> writes:

> the attached patch adds libressl. As you can see, it is quite a bit simpler
> than the openssl package, which already inspires confidence. I think we
> should add the package;

Agreed.

> the next question would be whether we should switch
> all inputs from openssl to libressl. I tried it for fetchmail, and it works
> just the same.

I would be in favor of trying this in core-updates.  I have a lot more
confidence in the security of LibreSSL than OpenSSL.  The name
"LibreSSL" also better reflects the values of the free software
movement, which is a nice bonus.

> I also wonder whether we should not unite gnutls.scm and openssl.scm into
> one tls.scm.

Sounds good to me.

> +    ;; Files taken from OpenSSL keep their license, others are under various
> +    ;; non-copyleft licenses.
> +    (license (list license:openssl
> +                   (license:non-copyleft
> +                     "file://COPYING"
> +                     "See COPYING in the distribution.")))))

The COPYING file says that the OpenSSL code is under the OpenSSL license
and the new contributions are under ISC or public domain, so how about
this instead?

    (license (list license:openssl
                   license:isc)))))

   Thank you!
      Mark

Re: [PATCH] Libressl

[Andreas Enge]

On Mon, Jun 15, 2015 at 04:15:40PM -0400, Mark H Weaver wrote:
> The COPYING file says that the OpenSSL code is under the OpenSSL license
> and the new contributions are under ISC or public domain, so how about
> this instead?
>     (license (list license:openssl
>                    license:isc)))))

I read the file, but did not realise it corresponded to a license we already
have. Anyway, the claim seems to be wrong.

For instance, ssl/bio_ssl.c starts with this:

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

This is inspired by the OpenSSL license, but not the same.


Then, tls/strsep.c starts like this:

/*-
 * Copyright (c) 1990, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

This is BSD-3 in which "the author" has been replaced by "the University"
or "THE REGENTS AND CONTRIBUTORS".

Admittedly, I did not check all the source files.

Andreas

Re: [PATCH] Libressl

[Mark H Weaver]

Andreas Enge <andreas@enge.fr> writes:

> On Mon, Jun 15, 2015 at 04:15:40PM -0400, Mark H Weaver wrote:
>> The COPYING file says that the OpenSSL code is under the OpenSSL license
>> and the new contributions are under ISC or public domain, so how about
>> this instead?
>>     (license (list license:openssl
>>                    license:isc)))))
>
> I read the file, but did not realise it corresponded to a license we already
> have. Anyway, the claim seems to be wrong.
>
> For instance, ssl/bio_ssl.c starts with this:

The license you pasted is the original SSLeay License, whereas
<https://www.gnu.org/licenses/license-list.html#OpenSSL> says:

  The license of OpenSSL is a conjunction of two licenses, one of them
  being the license of SSLeay.  You must follow both.  [...]

However, I see now that this is a bit confusing, and we made a mistake
in our 'license' field of our OpenSSL package.  My casual reading of the
above text led me believe that the "OpenSSL License" is itself a
conjunction of the two licenses, but I see that
<http://directory.fsf.org/wiki/License:OpenSSL> does not include the
SSLeay license.

So, I think we should add 'ssleay' to (guix licenses) and then add it to
the license field of 'openssl' along with a comment explaining that the
requirements of both (all?) licenses must be followed.

> Then, tls/strsep.c starts like this:
>
> /*-
>  * Copyright (c) 1990, 1993
>  *	The Regents of the University of California.  All rights reserved.
>  *
>  * Redistribution and use in source and binary forms, with or without
>  * modification, are permitted provided that the following conditions
>  * are met:
>  * 1. Redistributions of source code must retain the above copyright
>  *    notice, this list of conditions and the following disclaimer.
>  * 2. Redistributions in binary form must reproduce the above copyright
>  *    notice, this list of conditions and the following disclaimer in the
>  *    documentation and/or other materials provided with the distribution.
>  * 3. Neither the name of the University nor the names of its contributors
>  *    may be used to endorse or promote products derived from this software
>  *    without specific prior written permission.
>  *
>  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
>  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
>  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
>  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
>  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>  * SUCH DAMAGE.
>  */
>
> This is BSD-3 in which "the author" has been replaced by "the University"
> or "THE REGENTS AND CONTRIBUTORS".

Good catch!  This is another omission from the license field of our
'openssl' package.  The Debian packagers missed this one as well.

However, these omissions are not remedied by citing "file://COPYING",
since that file has the same omissions and does not even include the
text of the ISC license.

So, in summary, I think the 'openssl' license field should be changed to
something like this:

    (license (list license:openssl
                   license:ssleay
                   (license:non-copyleft
                    "file://tls/strsep.c"
                    "Slightly modified BSD-3.  See tls/strsep.c in the source distribution")))))

and 'libressl' should be the same but with 'license:isc' added as well.
What do you think?

> Admittedly, I did not check all the source files.

If you find any more, they should be added to the appropriate license
fields.

Thanks for your vigilance!

     Mark

Re: [PATCH] Libressl

[Andreas Enge]

On Mon, Jun 15, 2015 at 05:16:06PM -0400, Mark H Weaver wrote:
> The license you pasted is the original SSLeay License, whereas
> <https://www.gnu.org/licenses/license-list.html#OpenSSL> says:
>   The license of OpenSSL is a conjunction of two licenses, one of them
>   being the license of SSLeay.  You must follow both.  [...]
> 
> However, I see now that this is a bit confusing, and we made a mistake
> in our 'license' field of our OpenSSL package.  My casual reading of the
> above text led me believe that the "OpenSSL License" is itself a
> conjunction of the two licenses, but I see that
> <http://directory.fsf.org/wiki/License:OpenSSL> does not include the
> SSLeay license.
> 
> So, I think we should add 'ssleay' to (guix licenses) and then add it to
> the license field of 'openssl' along with a comment explaining that the
> requirements of both (all?) licenses must be followed.

So this looks essentially like a bug in
   https://www.gnu.org/licenses/license-list.html#OpenSSL
Would you like to report it (where?)?
Then it would be good if the SSLeay license could be added as
   org/wiki/License:...
before we add it to our license collection.

Andreas

Re: [PATCH] Libressl

[Ludovic Courtès]

Mark H Weaver <mhw@netris.org> skribis:

> Andreas Enge <andreas@enge.fr> writes:

[...]

>> the next question would be whether we should switch
>> all inputs from openssl to libressl. I tried it for fetchmail, and it works
>> just the same.
>
> I would be in favor of trying this in core-updates.

I think this should rather be tried in a specific libressl branch, so
that issues are clearly identified.

But yeah, if that works well, it probably makes sense to switch to
LibreSSL by default.

Thanks,
Ludo’.

Re: [PATCH] Libressl

[Andreas Enge]

[-- Attachment #1: Type: text/plain, Size: 308 bytes --]

On Mon, Jun 15, 2015 at 04:15:40PM -0400, Mark H Weaver wrote:
> Andreas Enge <andreas@enge.fr> writes:
> > I also wonder whether we should not unite gnutls.scm and openssl.scm into
> > one tls.scm.
> Sounds good to me.

The attached patch does the first half of the change. Is it okay to push it?

Andreas


[-- Attachment #2: 0001-gnu-Rename-module-gnutls-to-tls.patch --]
[-- Type: text/plain, Size: 33549 bytes --]

From 08b82e31d9b371209f51a30aee7e9615fa58c710 Mon Sep 17 00:00:00 2001
From: Andreas Enge <andreas@enge.fr>
Date: Fri, 3 Jul 2015 21:41:22 +0200
Subject: [PATCH] gnu: Rename module gnutls to tls.

* gnu/packages/gnutls.scm: Rename to...
* gnu/packages/tls.scm: ... this.  Change module name accordingly.
* gnu/packages/{admin.scm, cups.scm, curl.scm, dc.scm, dns.scm, emacs.scm,
  ftp.scm, gnome.scm, gnunet.scm, gnupg.scm, gsasl.scm, lynx.scm,
  mail.scm, messaging.scm, package-management.scm, shishi.scm,
  task-management.scm, version-control.scm, video.scm, vpn.scm,
  webkit.scm, weechat.scm, wget.scm, wine.scm, xml.scm}: Adapt module
  import to new name.
* gnu-system.am (GNU_SYSTEM_MODULES): Rename gnutls module to tls.
---
 gnu-system.am                       |   2 +-
 gnu/packages/admin.scm              |   2 +-
 gnu/packages/cups.scm               |   4 +-
 gnu/packages/curl.scm               |   4 +-
 gnu/packages/dc.scm                 |   2 +-
 gnu/packages/dns.scm                |   2 +-
 gnu/packages/emacs.scm              |   2 +-
 gnu/packages/ftp.scm                |   2 +-
 gnu/packages/gnome.scm              |   2 +-
 gnu/packages/gnunet.scm             |   2 +-
 gnu/packages/gnupg.scm              |   2 +-
 gnu/packages/gnutls.scm             | 175 ------------------------------------
 gnu/packages/gsasl.scm              |   2 +-
 gnu/packages/lynx.scm               |   2 +-
 gnu/packages/mail.scm               |   2 +-
 gnu/packages/messaging.scm          |   4 +-
 gnu/packages/package-management.scm |   4 +-
 gnu/packages/shishi.scm             |   2 +-
 gnu/packages/task-management.scm    |   2 +-
 gnu/packages/tls.scm                | 175 ++++++++++++++++++++++++++++++++++++
 gnu/packages/version-control.scm    |   2 +-
 gnu/packages/video.scm              |   2 +-
 gnu/packages/vpn.scm                |   2 +-
 gnu/packages/webkit.scm             |   2 +-
 gnu/packages/weechat.scm            |   2 +-
 gnu/packages/wget.scm               |   2 +-
 gnu/packages/wine.scm               |   2 +-
 gnu/packages/xml.scm                |   2 +-
 28 files changed, 205 insertions(+), 205 deletions(-)
 delete mode 100644 gnu/packages/gnutls.scm
 create mode 100644 gnu/packages/tls.scm

diff --git a/gnu-system.am b/gnu-system.am
index 35e94b7..3053b9f 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -128,7 +128,6 @@ GNU_SYSTEM_MODULES =				\
   gnu/packages/gnunet.scm			\
   gnu/packages/gnupg.scm			\
   gnu/packages/gnustep.scm			\
-  gnu/packages/gnutls.scm			\
   gnu/packages/gnuzilla.scm			\
   gnu/packages/gnu-pw-mgr.scm			\
   gnu/packages/gperf.scm			\
@@ -294,6 +293,7 @@ GNU_SYSTEM_MODULES =				\
   gnu/packages/texlive.scm			\
   gnu/packages/textutils.scm			\
   gnu/packages/time.scm				\
+  gnu/packages/tls.scm				\
   gnu/packages/tmux.scm				\
   gnu/packages/tor.scm				\
   gnu/packages/tre.scm				\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 960264b..bc9214e 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -41,7 +41,7 @@
   #:use-module (gnu packages tcl)
   #:use-module (gnu packages compression)
   #:use-module ((gnu packages openssl) #:prefix o:)
-  #:use-module (gnu packages gnutls)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index 8d86cd6..68302ff 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -30,9 +30,9 @@
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages pdf)
-  #:use-module (gnu packages pkg-config))
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages tls))
 
 (define-public cups-filters
   (package
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 1e72a57..f5cb503 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -25,7 +25,6 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gsasl)
   #:use-module (gnu packages libidn)
@@ -33,7 +32,8 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages ssh))
+  #:use-module (gnu packages ssh)
+  #:use-module (gnu packages tls))
 
 (define-public curl
   (package
diff --git a/gnu/packages/dc.scm b/gnu/packages/dc.scm
index 4692244..de4cda1 100644
--- a/gnu/packages/dc.scm
+++ b/gnu/packages/dc.scm
@@ -20,10 +20,10 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages tls)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index f0c103a..1b7fc8b 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -18,10 +18,10 @@
 
 (define-module (gnu packages dns)
   #:use-module (gnu packages databases)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages openssl)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 2502f29..d8d6e7b 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -33,7 +33,7 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages texinfo)
-  #:use-module (gnu packages gnutls)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages xorg)
diff --git a/gnu/packages/ftp.scm b/gnu/packages/ftp.scm
index 790ffc6..acd69ad 100644
--- a/gnu/packages/ftp.scm
+++ b/gnu/packages/ftp.scm
@@ -27,7 +27,7 @@
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages gnutls)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages compression))
 
 (define-public lftp
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 3882a7a..0ec5ea2 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -52,7 +52,6 @@
   #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
   #:use-module (gnu packages ghostscript)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages iso-codes)
   #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages linux)
@@ -69,6 +68,7 @@
   #:use-module (gnu packages qt)  ; for libxkbcommon
   #:use-module (gnu packages compression)
   #:use-module (gnu packages texlive)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
   #:use-module (gnu packages webkit)
   #:use-module (gnu packages xorg)
diff --git a/gnu/packages/gnunet.scm b/gnu/packages/gnunet.scm
index 78279b0..162bf83 100644
--- a/gnu/packages/gnunet.scm
+++ b/gnu/packages/gnunet.scm
@@ -28,7 +28,6 @@
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages libidn)
@@ -41,6 +40,7 @@
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xiph)
   #:use-module ((guix licenses) #:prefix license:)
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 637212a..432409b 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -22,7 +22,6 @@
 (define-module (gnu packages gnupg)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (gnu packages curl)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pth)
@@ -33,6 +32,7 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages tls)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
diff --git a/gnu/packages/gnutls.scm b/gnu/packages/gnutls.scm
deleted file mode 100644
index 415ea7a..0000000
--- a/gnu/packages/gnutls.scm
+++ /dev/null
@@ -1,175 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
-;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages gnutls)
-  #:use-module ((guix licenses) #:select (lgpl2.0+ lgpl2.1+ bsd-3))
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix utils)
-  #:use-module (guix build-system gnu)
-  #:use-module (gnu packages compression)
-  #:use-module (gnu packages)
-  #:use-module (gnu packages guile)
-  #:use-module (gnu packages libffi)
-  #:use-module (gnu packages libidn)
-  #:use-module (gnu packages nettle)
-  #:use-module (gnu packages perl)
-  #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages texinfo)
-  #:use-module (gnu packages base))
-
-(define-public libtasn1
-  (package
-    (name "libtasn1")
-    (version "4.5")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
-                          version ".tar.gz"))
-      (sha256
-       (base32
-        "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
-    (build-system gnu-build-system)
-    (native-inputs `(("perl" ,perl)
-
-                     ;; XXX: For some reason, libtasn1.info wants to be
-                     ;; rebuilt, so we must provide 'makeinfo'.
-                     ("texinfo" ,texinfo)))
-    (home-page "http://www.gnu.org/software/libtasn1/")
-    (synopsis "ASN.1 library")
-    (description
-     "GNU libtasn1 is a library implementing the ASN.1 notation.  It is used
-for transmitting machine-neutral encodings of data objects in computer
-networking, allowing for formal validation of data according to some
-specifications.")
-    (license lgpl2.0+)))
-
-(define-public p11-kit
-  (package
-    (name "p11-kit")
-    (version "0.23.1")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
-                          version ".tar.gz"))
-      (sha256
-       (base32
-        "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
-      (modules '((guix build utils))) ; for substitute*
-      (snippet
-        '(begin
-           ;; Drop one test that fails, also when trying to compile manually.
-           ;; Reported upstream at
-           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
-           (substitute* "Makefile.in"
-             (("test-module\\$\\(EXEEXT\\) ") ""))))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("pkg-config" ,pkg-config)))
-    (inputs
-     `(("libffi" ,libffi)
-       ("libtasn1" ,libtasn1)))
-    (arguments
-     `(#:configure-flags '("--without-trust-paths")))
-    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
-    (synopsis "PKCS#11 library")
-    (description
-     "p11-kit provides a way to load and enumerate PKCS#11 modules.  It
-provides a standard configuration setup for installing PKCS#11 modules
-in such a way that they are discoverable.  It also solves problems with
-coordinating the use of PKCS#11 by different components or libraries
-living in the same process.")
-    (license bsd-3)))
-
-(define-public gnutls
-  (package
-    (name "gnutls")
-    (version "3.4.1")
-    (source (origin
-             (method url-fetch)
-             (uri
-              ;; Note: Releases are no longer on ftp.gnu.org since the
-              ;; schism (after version 3.1.5).
-              (string-append "mirror://gnupg/gnutls/v"
-                             (version-major+minor version)
-                             "/gnutls-" version ".tar.xz"))
-             (sha256
-              (base32
-               "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9"))))
-    (build-system gnu-build-system)
-    (arguments
-     '(#:configure-flags
-       (list (string-append "--with-guile-site-dir="
-                            (assoc-ref %outputs "out")
-                            "/share/guile/site/2.0")
-             ;; GnuTLS doesn't consult any environment variables to specify
-             ;; the location of the system-wide trust store.  Instead it has a
-             ;; configure-time option.  Unless specified, its configure script
-             ;; attempts to auto-detect the location by looking for common
-             ;; places in the filesystem, none of which are present in our
-             ;; chroot build environment.  If not found, then no default trust
-             ;; store is used, so each program has to provide its own
-             ;; fallback, and users have to configure each program
-             ;; independently.  This seems suboptimal.
-             "--with-default-trust-store-dir=/etc/ssl/certs"
-
-             ;; FIXME: Temporarily disable p11-kit support since it is not
-             ;; working on mips64el.
-             "--without-p11-kit")
-
-       #:phases (modify-phases %standard-phases
-                  (add-after
-                   'install 'move-doc
-                   (lambda* (#:key outputs #:allow-other-keys)
-                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
-                     (let* ((out    (assoc-ref outputs "out"))
-                            (doc    (assoc-ref outputs "doc"))
-                            (mandir (string-append doc "/share/man"))
-                            (oldman (string-append out "/share/man/man3")))
-                       (mkdir-p mandir)
-                       (copy-recursively oldman mandir)
-                       (delete-file-recursively oldman)
-                       #t))))))
-    (outputs '("out"                              ;4.4 MiB
-               "debug"
-               "doc"))                            ;4.1 MiB of man pages
-    (native-inputs
-     `(("pkg-config" ,pkg-config)
-       ("which" ,which)))
-    (inputs
-     `(("guile" ,guile-2.0)
-       ("perl" ,perl)))
-    (propagated-inputs
-     ;; These are all in the 'Requires.private' field of gnutls.pc.
-     `(("libtasn1" ,libtasn1)
-       ("libidn" ,libidn)
-       ("nettle" ,nettle)
-       ("zlib" ,zlib)))
-    (home-page "http://www.gnu.org/software/gnutls/")
-    (synopsis "Transport layer security library")
-    (description
-     "GnuTLS is a secure communications library implementing the SSL, TLS
-and DTLS protocols.  It is provided in the form of a C library to support the
-protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
-required structures.")
-    (license lgpl2.1+)))
diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm
index d5de2f2..3caeb1a 100644
--- a/gnu/packages/gsasl.scm
+++ b/gnu/packages/gsasl.scm
@@ -19,10 +19,10 @@
 (define-module (gnu packages gsasl)
   #:use-module (gnu packages)
   #:use-module (gnu packages compression)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages nettle)
   #:use-module (gnu packages shishi)
+  #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
index ebca50d..713f5d5 100644
--- a/gnu/packages/lynx.scm
+++ b/gnu/packages/lynx.scm
@@ -25,8 +25,8 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages libidn)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages zip)
   #:use-module (gnu packages compression))
 
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index d14fdc7..00f31b0 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -41,7 +41,6 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages gsasl)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages guile)
@@ -64,6 +63,7 @@
   #:use-module (gnu packages flex)
   #:use-module (gnu packages gdb)
   #:use-module (gnu packages samba)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
   #:use-module ((guix licenses)
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 50d59cf..a71b112 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -35,14 +35,14 @@
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages python)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages tcl)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages check)
   #:use-module (gnu packages admin)
-  #:use-module (gnu packages linux))
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages tls))
 
 (define-public libotr
   (package
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 3da9df9..f0ccf6a 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -29,7 +29,6 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages databases)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages graphviz)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages autotools)
@@ -41,7 +40,8 @@
   #:use-module (gnu packages man)
   #:use-module (gnu packages emacs)
   #:use-module (gnu packages openssl)
-  #:use-module (gnu packages bdw-gc))
+  #:use-module (gnu packages bdw-gc)
+  #:use-module (gnu packages tls))
 
 (define (boot-guile-uri arch)
   "Return the URI for the bootstrap Guile tarball for ARCH."
diff --git a/gnu/packages/shishi.scm b/gnu/packages/shishi.scm
index 47e7802..30351fb 100644
--- a/gnu/packages/shishi.scm
+++ b/gnu/packages/shishi.scm
@@ -21,12 +21,12 @@
 (define-module (gnu packages shishi)
   #:use-module ((guix licenses) #:select (gpl3+))
   #:use-module (gnu packages)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages tls)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
diff --git a/gnu/packages/task-management.scm b/gnu/packages/task-management.scm
index e77aecb..340475c 100644
--- a/gnu/packages/task-management.scm
+++ b/gnu/packages/task-management.scm
@@ -19,9 +19,9 @@
 (define-module (gnu packages task-management)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
+  #:use-module (gnu packages tls)
   #:use-module (guix download)
   #:use-module (guix build-system cmake))
 
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
new file mode 100644
index 0000000..31ce1b3
--- /dev/null
+++ b/gnu/packages/tls.scm
@@ -0,0 +1,175 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
+;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages tls)
+  #:use-module ((guix licenses) #:select (lgpl2.0+ lgpl2.1+ bsd-3))
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages guile)
+  #:use-module (gnu packages libffi)
+  #:use-module (gnu packages libidn)
+  #:use-module (gnu packages nettle)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages texinfo)
+  #:use-module (gnu packages base))
+
+(define-public libtasn1
+  (package
+    (name "libtasn1")
+    (version "4.5")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "mirror://gnu/libtasn1/libtasn1-"
+                          version ".tar.gz"))
+      (sha256
+       (base32
+        "1nhvnznhg2aqfrfjxc8v008hjlzkh5831jsfahqk89qrw7fbbcw9"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("perl" ,perl)
+
+                     ;; XXX: For some reason, libtasn1.info wants to be
+                     ;; rebuilt, so we must provide 'makeinfo'.
+                     ("texinfo" ,texinfo)))
+    (home-page "http://www.gnu.org/software/libtasn1/")
+    (synopsis "ASN.1 library")
+    (description
+     "GNU libtasn1 is a library implementing the ASN.1 notation.  It is used
+for transmitting machine-neutral encodings of data objects in computer
+networking, allowing for formal validation of data according to some
+specifications.")
+    (license lgpl2.0+)))
+
+(define-public p11-kit
+  (package
+    (name "p11-kit")
+    (version "0.23.1")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "http://p11-glue.freedesktop.org/releases/p11-kit-"
+                          version ".tar.gz"))
+      (sha256
+       (base32
+        "1i3a1wdpagm0p3y1bwaz5x5rjhcpqbcrnhkcp10p259vkxk72wz5"))
+      (modules '((guix build utils))) ; for substitute*
+      (snippet
+        '(begin
+           ;; Drop one test that fails, also when trying to compile manually.
+           ;; Reported upstream at
+           ;; https://bugs.freedesktop.org/show_bug.cgi?id=89027
+           (substitute* "Makefile.in"
+             (("test-module\\$\\(EXEEXT\\) ") ""))))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libffi" ,libffi)
+       ("libtasn1" ,libtasn1)))
+    (arguments
+     `(#:configure-flags '("--without-trust-paths")))
+    (home-page "http://p11-glue.freedesktop.org/p11-kit.html")
+    (synopsis "PKCS#11 library")
+    (description
+     "p11-kit provides a way to load and enumerate PKCS#11 modules.  It
+provides a standard configuration setup for installing PKCS#11 modules
+in such a way that they are discoverable.  It also solves problems with
+coordinating the use of PKCS#11 by different components or libraries
+living in the same process.")
+    (license bsd-3)))
+
+(define-public gnutls
+  (package
+    (name "gnutls")
+    (version "3.4.1")
+    (source (origin
+             (method url-fetch)
+             (uri
+              ;; Note: Releases are no longer on ftp.gnu.org since the
+              ;; schism (after version 3.1.5).
+              (string-append "mirror://gnupg/gnutls/v"
+                             (version-major+minor version)
+                             "/gnutls-" version ".tar.xz"))
+             (sha256
+              (base32
+               "0bmih0zyiplr4v8798w0v9g3215zmganq18n8935cizkxj5zbdg9"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags
+       (list (string-append "--with-guile-site-dir="
+                            (assoc-ref %outputs "out")
+                            "/share/guile/site/2.0")
+             ;; GnuTLS doesn't consult any environment variables to specify
+             ;; the location of the system-wide trust store.  Instead it has a
+             ;; configure-time option.  Unless specified, its configure script
+             ;; attempts to auto-detect the location by looking for common
+             ;; places in the filesystem, none of which are present in our
+             ;; chroot build environment.  If not found, then no default trust
+             ;; store is used, so each program has to provide its own
+             ;; fallback, and users have to configure each program
+             ;; independently.  This seems suboptimal.
+             "--with-default-trust-store-dir=/etc/ssl/certs"
+
+             ;; FIXME: Temporarily disable p11-kit support since it is not
+             ;; working on mips64el.
+             "--without-p11-kit")
+
+       #:phases (modify-phases %standard-phases
+                  (add-after
+                   'install 'move-doc
+                   (lambda* (#:key outputs #:allow-other-keys)
+                     ;; Copy the 4.1 MiB of section 3 man pages to "doc".
+                     (let* ((out    (assoc-ref outputs "out"))
+                            (doc    (assoc-ref outputs "doc"))
+                            (mandir (string-append doc "/share/man"))
+                            (oldman (string-append out "/share/man/man3")))
+                       (mkdir-p mandir)
+                       (copy-recursively oldman mandir)
+                       (delete-file-recursively oldman)
+                       #t))))))
+    (outputs '("out"                              ;4.4 MiB
+               "debug"
+               "doc"))                            ;4.1 MiB of man pages
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("which" ,which)))
+    (inputs
+     `(("guile" ,guile-2.0)
+       ("perl" ,perl)))
+    (propagated-inputs
+     ;; These are all in the 'Requires.private' field of gnutls.pc.
+     `(("libtasn1" ,libtasn1)
+       ("libidn" ,libidn)
+       ("nettle" ,nettle)
+       ("zlib" ,zlib)))
+    (home-page "http://www.gnu.org/software/gnutls/")
+    (synopsis "Transport layer security library")
+    (description
+     "GnuTLS is a secure communications library implementing the SSL, TLS
+and DTLS protocols.  It is provided in the form of a C library to support the
+protocols, as well as to parse and write X.5009, PKCS 12, OpenPGP and other
+required structures.")
+    (license lgpl2.1+)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index 15e6fb6..09f5a89 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -44,7 +44,6 @@
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages linux)
-;;   #:use-module (gnu packages gnutls)
   #:use-module (gnu packages nano)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages openssl)
@@ -60,6 +59,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages swig)
   #:use-module (gnu packages tcl)
+;;   #:use-module (gnu packages tls)
   #:use-module (gnu packages)
   #:use-module (ice-9 match)
   #:use-module (srfi srfi-1))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 0a0546e..07a8a33 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -49,7 +49,6 @@
   #:use-module (gnu packages glib)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
   #:use-module (gnu packages linux)
@@ -69,6 +68,7 @@
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages texlive)
   #:use-module (gnu packages textutils)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages version-control)
   #:use-module (gnu packages web)
   #:use-module (gnu packages xdisorg)
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 62036d9..9144812 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -27,11 +27,11 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages openssl)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages xml))
 
 (define-public gvpe
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 0f3a44b..7fbb985 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -34,7 +34,6 @@
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages gstreamer)
   #:use-module (gnu packages gtk)
@@ -44,6 +43,7 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ruby)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages video)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
diff --git a/gnu/packages/weechat.scm b/gnu/packages/weechat.scm
index a2e5348..6976586 100644
--- a/gnu/packages/weechat.scm
+++ b/gnu/packages/weechat.scm
@@ -31,13 +31,13 @@
   #:use-module (gnu packages tcl)
   #:use-module (gnu packages aspell)
   #:use-module (gnu packages curl)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages openssl)
   #:use-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages autogen)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages tls)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
diff --git a/gnu/packages/wget.scm b/gnu/packages/wget.scm
index 0cdb496..d1413a7 100644
--- a/gnu/packages/wget.scm
+++ b/gnu/packages/wget.scm
@@ -19,12 +19,12 @@
 
 (define-module (gnu packages wget)
   #:use-module (guix licenses)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages python)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages web)
   #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages tls)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu))
diff --git a/gnu/packages/wine.scm b/gnu/packages/wine.scm
index 5b0758c..938c8cb 100644
--- a/gnu/packages/wine.scm
+++ b/gnu/packages/wine.scm
@@ -32,7 +32,6 @@
   #:use-module (gnu packages ghostscript)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
@@ -42,6 +41,7 @@
   #:use-module (gnu packages photo)
   #:use-module (gnu packages samba)
   #:use-module (gnu packages scanner)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
 
diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
index c4ec33e..0fc51c5 100644
--- a/gnu/packages/xml.scm
+++ b/gnu/packages/xml.scm
@@ -25,9 +25,9 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages gnutls)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
-- 
2.2.1

Re: [PATCH] Libressl

[Andreas Enge]

On Fri, Jul 03, 2015 at 09:57:15PM +0200, Andreas Enge wrote:
> The attached patch does the first half of the change. Is it okay to push it?

I did, as there was no complaint; the next part (move openssl.scm into
tls.scm) will follow soon.

Andreas