Bryan Sutula píše v St 23. 04. 2008 v 09:08 -0600:
> On Wed, 2008-04-23 at 14:50 +0200, Dan Horák wrote:
>
> > Fedora started a project called Crypto Consolidation [1], [2] some time
> > ago. The conclusion is that for licensing and certification reasons we
> > will standardize on the NSS library. That's why I would like to start
> > adding support for NSS library into OpenHPI as a alternative to the
> > currently used OpenSSL library.
>
> > If I have read the sources carefully, there are 2 areas in OpenHPI where
> > OpenSSL is used now - the first one is digest/hash computing in the
> > ipmidirect plugin and the second one is SSL support in the oa_soap and
> > ilo2_ribcl plugins. The first area can be done easily in parallel with
> > NSS primitives and for the second area it can be either reimplemented
> > for NSS or a compatibility library nss_compat_ossl could be used. I have
> > seen that some form of modular SSL/crypto support was just being added,
> > so I would like to coordinate my work with the one that is already in
> > progress.
>
> At this point, the new SSL library Renier created yesterday contains
> OpenSSL init code. It was necessary for the infrastructure to call this
> before starting any plugins.
>
> The direction I was pursuing was to move the rest of the SSL code from
> the OA plugin into the new SSL library. I don't think there's anything
> in the way of doing this immediately, so I'll make that change as soon
> as I can. From there, I will work with the iLO2 plugin maintainers to
> try to combine SSL library usage so that there's no SSL-specific code in
> either iLO2 or OA plugins. I believe these steps will be consistent
> with the overall direction you're proposing.
Yes, this is exactly the direction I would like to go.
>
> >From there, I don't have an opinion on adding NSS support as an
> alternative to OpenSSL. I haven't studied NSS at all. Perhaps others
> here have thoughts on that. In any case, that could be a longer-term
> goal.
I have to learn NSS myself, so there is no problem with the real
availability coming sometime in the future. But the important thing is
that we can agree on the direction.
>
> Based on e-mail to this list the past week, I'd suggest starting a
> SourceForge feature request for adding NSS, so that we can track the
> request and any discussion on the subject.
Done as Feature Request #1950470
Dan
--
Dan Horák
Software Engineer, BaseOS
Red Hat Czech s.r.o., Purkyňova 99, 612 45 Brno
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Openhpi-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openhpi-devel
