On 2010-03-01 16:01, Peter Stuge wrote:
Lars Nordin wrote:
SSH can be used without DSA, but will break the RFC. It's up to the
end user if he wants an SSH2 that breaks the RFC (for me, the
client I'm building will only talk with an openssh-server compiled
using the same OpenSSL-version (without DSA)).
RFC compliance is really important for interoperability.
In a case such as yours, where you explicitly do not want wide
interoperability, non-compliance is of course fine.
But I think we must not silently build a non-compliant library, so at
the very least this needs to become a configure option;
--disable-rfc-compliance
maybe? The same knob might be used also for other things in the code.
//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
It can be a better way, my usage is special and can have as many
configure options as needed :-). My point was that LIBSSH2 already
contained RFC-non-compliant code, what I did was to extend the usage to
fully compile the code without references to DSA. So the patch should be
applied and then the next discussion: should the non-DSA usage for
LIBSSH2 have an extra configure option?
We should discuss the right things, not patches to fully use a compile
option, but the compile option.
/Lars