On Wed, 2008-04-23 at 14:50 +0200, Dan Horák wrote: > Fedora started a project called Crypto Consolidation [1], [2] some time > ago. The conclusion is that for licensing and certification reasons we > will standardize on the NSS library. That's why I would like to start > adding support for NSS library into OpenHPI as a alternative to the > currently used OpenSSL library.
> If I have read the sources carefully, there are 2 areas in OpenHPI where > OpenSSL is used now - the first one is digest/hash computing in the > ipmidirect plugin and the second one is SSL support in the oa_soap and > ilo2_ribcl plugins. The first area can be done easily in parallel with > NSS primitives and for the second area it can be either reimplemented > for NSS or a compatibility library nss_compat_ossl could be used. I have > seen that some form of modular SSL/crypto support was just being added, > so I would like to coordinate my work with the one that is already in > progress. At this point, the new SSL library Renier created yesterday contains OpenSSL init code. It was necessary for the infrastructure to call this before starting any plugins. The direction I was pursuing was to move the rest of the SSL code from the OA plugin into the new SSL library. I don't think there's anything in the way of doing this immediately, so I'll make that change as soon as I can. From there, I will work with the iLO2 plugin maintainers to try to combine SSL library usage so that there's no SSL-specific code in either iLO2 or OA plugins. I believe these steps will be consistent with the overall direction you're proposing. >From there, I don't have an opinion on adding NSS support as an alternative to OpenSSL. I haven't studied NSS at all. Perhaps others here have thoughts on that. In any case, that could be a longer-term goal. Based on e-mail to this list the past week, I'd suggest starting a SourceForge feature request for adding NSS, so that we can track the request and any discussion on the subject. Bryan ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Openhpi-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openhpi-devel
