William A. Rowe, Jr. wrote:
Critics/Advocates,Please, let's review this submission for objectionable characteristics in the API and put it to rest in New Orleans, rather than last minute firedrills when someone decides to champion the release of 1.4/2.0?
+1 to that.
I presume you've reviewed and addressed all of the previous objections of the apr_ssl interface before moving this development from sandbox back into trunk?
Yes, otherwise there would have been little point in the exercise. The whole thing was rewritten from scratch.
A key concern was that abstraction was even possible, and thus NSS and OpenSSL modules were developed simultaneously to prove that yes, abstraction is possible, and this time round a lot of work went into the test suite to show that the modules could interoperate, and under what conditions.
The Mozilla NSS community were very helpful in getting the NSS module to work, and a number of NSS fixes to error code paths have resulted from the effort.
The SSL code has been ignored for now, but not forgotten - it is far easier to digest bite sized pieces of code than swallow a large module whole.
I hope to translate any misunderstanding over how the API works into better documentation as well, so if anything isn't clear, please speak up.
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
