On 24 Jun 2012, at 12:01 AM, Stefan Fritsch wrote:

> OpenSSL is not required, neither for apr nor for httpd. I propose to 
> import either crypt_blowfish or scrypt into apr, just like apr 
> contains some foreign sha1 and md5 code. This way we would not get an 
> additional external dependency.

APR-util has a crypto library to deal with this exact problem - the need for 
low level crypto functions without having to tightly bind ourselves to one 
toolkit over another, or import code. With the formal move by the Red Hat people 
towards NSS as a shared crypto API, this becomes more important as time goes by.

Ideally, like we have a generic synchronous encryption API, we should have a 
generic hash API too, so that the user can use whatever hash that the 
underlying toolkit provides.

Regards,
Graham
--
