I'm new to OpenSSL. I'm interested in using it to add more
authentication capabilities to FreeS/WAN's Pluto. FreeS/WAN is a free
implementation of IPSEC; Pluto is the IKE daemon. Scary fact: I'm
trying to get this done this week for testing at the VPN Interop.
Luckily, Kasper Langkilde has made a start at this.

As a newbie, I'm going to say naive things. I hope you find this
useful.

I had a hard time finding documentation (I'm not alone in this).
Ariel's documentation is very useful. Is there something more
tutorial? Something that gives more of an overview? Is there a
reason not to include Ariel's documentation in the distribution?

For some reason, I have very slow access to www.openssl.org. Much
worse than most other sites. Is it overloaded?

I've downloaded openssl-0.9.2b.tar.gz to use. I don't wish to be
playing with unstable versions while I'm a newbie. Is this a mistake?
Is the latest snapshot likely to be a better bet?

To use OpenSSL routines, I need to use OpenSSL headers. The
installation seems to put them in /usr/local/ssl/include/. I think it
would be good to put them in a directory "openssl" so that I can use
    #include <openssl/whatever.h>
if I add /usr/local/ssl/include/ to my search path. Perhaps just as
good would be adding a symlink
    /usr/local/include/openssl -> /usr/local/ssl/include
I suggest that the install step do this.

Should the headers be grouped in inner directories, depending on what
part of the interface they correspond to?

When I compile pluto, I use all the gcc warning options that I can
stand (way more than -Wall). I feel that this helps me catch errors
sooner.

Now that I've added header files from OpenSSL, I get a bunch
of warnings. Most of them seem to be of the form:
    openssl_include/stack.h:73: warning: function declaration isn't a prototype
The header line that provoked this is in the middle of a struct
declaration:
    int (*comp)();
This would be much improved by specifying the types of the arguments.
This would allow the compiler to do better type checking and even
appropriate argument conversions. It would aid the user in figuring
out what arguments are required.

Another example I find particularly surprising is:
    openssl_include/stack.h:82: warning: function declaration isn't a prototype
    STACK *sk_new(int (*cmp)());
This declaration is inside #ifndef NOPROTO!

| From: Bodo Moeller <[EMAIL PROTECTED]>
| Reply-To: [EMAIL PROTECTED]
| Subject: (const) des_ctype
|
| I have prepared a set of patches to the DES library that should solve
| the const problem.

Pluto currently uses EAY's libdes. I'd like to use OpenSSL for other
things, perhaps conditionally. I'd very much like it if the
interfaces were identical.

I actually dropped a few consts into our copy, so I think it is a
good idea.

Hugh Redelmeier
[EMAIL PROTECTED] voice: +1 416 482-8253
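
Added example (not part of the original message and not OpenSSL's code): the prototyped form of the comparator callback that the message asks for, on a hypothetical fixed-size stack. The names ministack, cmp_fn, cmp_str, ms_new, ms_push, ms_find and MS_CAP are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical mini-stack (illustrative names, not OpenSSL's API).
 * The unprototyped form quoted in the message,  int (*comp)();
 * says nothing about parameters, so before C23 a call such as
 * comp(a) or comp(1, 2.0) needs no diagnostic. The prototyped typedef
 * below lets the compiler check every assignment and every call. */
typedef int (*cmp_fn)(const void *a, const void *b);

#define MS_CAP 16

typedef struct {
    const char *data[MS_CAP];  /* element pointers */
    int num;                   /* elements in use */
    cmp_fn comp;               /* fully prototyped comparator */
} ministack;

/* qsort/bsearch hand the comparator pointers to elements (const char **). */
static int cmp_str(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

static ministack *ms_new(cmp_fn comp)
{
    ministack *s = calloc(1, sizeof *s);
    if (s != NULL) s->comp = comp;
    return s;
}

/* Returns 1 on success, 0 when the stack is full. */
static int ms_push(ministack *s, const char *item)
{
    if (s->num == MS_CAP) return 0;
    s->data[s->num++] = item;
    return 1;
}

/* Sort with the stored comparator, then binary-search; index or -1. */
static int ms_find(ministack *s, const char *key)
{
    const char **hit;
    if (s->num == 0) return -1;
    qsort(s->data, (size_t)s->num, sizeof s->data[0], s->comp);
    hit = bsearch(&key, s->data, (size_t)s->num, sizeof s->data[0], s->comp);
    return hit ? (int)(hit - s->data) : -1;
}
```

Passing a comparator with the wrong signature to ms_new, for example strcmp itself, now produces an incompatible-pointer diagnostic at compile time instead of a misbehaving sort at run time.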