On 29 janv. 2014, at 18:50, Konrad Rosenbaum <kon...@silmor.de> wrote:
> Hi, > > On Wednesday, Wednesday 29 January 2014 at 11:02, Koehne Kai wrote: > > > -----Original Message----- > > > From: development-bounces+kai.koehne=digia....@qt-project.org > > > [...] > > > Later on: when a plan has been found to expose the low-level OpenSSL API > > > to Qt this implementation could be changed to use OpenSSL and fall back > > > to qrand if it is not available. > > > > How about just making this plan A? > > > > Maybe I'm naïve, but that would just require that > > - qtwebsockets link against openssl directly (see e.g. > > qtbase/src/network/ssl/ssl.pri) > > The first problem I could see with this: is it binary compatible to later on > relax this requirement? > > Direct linking may also cause problems if QSslSocket for some strange reason > then tries to load a different version of OpenSSL later on... > > After reading myself a bit into the API: I don't think a fast start on this > is a particularly great idea. OpenSSL is not thread-safe per default and > needs some specific initialization for thread safety. This initialization > needs to be done EXACTLY once. > > In short: we need a unified interface into OpenSSL for Qt before we attempt > to do this. > > > - Use the API described in > > http://wiki.openssl.org/index.php/Random_Numbers to generate the random > > number. > > > > I also don't think you even need the 'no-openssl available' use case. > > While OpenSSL is commonly available on most systems. It may not be available > on all embedded platforms and it may not be the expected version. I can see > scenarios in which Websockets are needed, but OpenSSL is not available or not > desired by the user (e.g. embedded industrial apps that need to access some > networked resource with a very strange protocol[tm] while the boss insists > that he would run into export restrictions if he allowed OpenSSL). > > > Konrad If I may chime in, iOS officially doesn't provide OpenSSL and the documentation recommends to use Apple's own cryptographic framework. https://developer.apple.com/library/mac/DOCUMENTATION/Security/Conceptual/cryptoservices/GeneralPurposeCrypto/GeneralPurposeCrypto.html _______________________________________________ Development mailing list Development@qt-project.org http://lists.qt-project.org/mailman/listinfo/development
