On Wed, Sep 17, 2003 at 10:23:46AM -0400, Geoff Thorpe wrote:
> On September 17, 2003 08:14 am, Colin Watson wrote:
> > Is there anything I can do to speed the acceptance of this patch, or is
> > it simply stuck in somebody's queue? If there's something suboptimal
> > about it I'd be more than willing to fix it.
> 
> It probably just slipped through the net. If others are like me, they scan 
> over what they can of list mail each day and deal with what they have 
> time for. If yours arrives on a busy day (or during a period when the 
> person who should deal with it is away) then there are good chances it 
> will slip by.

No trouble, I know the drill - just thought I'd send a ping.

> Mail lists are UDP, the request tracker is TCP, for a tenuous analogy.
> Please submit the patch to RT and let me know the ticket number (or
> have you already done so?);
>    http://www.openssl.org/support/rt2.html

Yep, it got picked up automatically from my initial post. It's #668.

> I periodically expire old postings from my mail folders so your post of 
> July 28 is long since gone - so I can't comment yet on your patch except 
> to say that I think "transparent" falling back to software should not be 
> the default mode of operation. If hardware fails and the user/coder 
> specified that a certain class of operations (RSA, DSA, etc) should be 
> done in hardware, then that class of operations should generate 
> appropriate errors. If not, you are doing what you want to do rather than 
> what the user/coder told you to do. In other words, I think the falling 
> back to software should be configurable and should require the blessing 
> of the user or coder. At one level, you can expose a control command in 
> the ENGINE to configure this, and you could also support an environment 
> variable check for "default" behaviour so that precompiled and 
> unconfigurable apps can still be "configured" by the user.

OK, I see the mechanism. Have you any preferences for the environment
variable name (or names - perhaps RSA and modexp fallback should be
configurable separately)?

> Note, these comments are perhaps in contradiction with the current
> behaviour of one or two ENGINEs already in the source, but that's
> because I haven't had the time to change them and get the appropriate
> people (who have the hardware) to verify the results.

I was following the lead of the other ENGINEs, indeed.

Thanks,

-- 
Colin Watson                                      [EMAIL PROTECTED]
Software Engineer                            nCipher Corporation Limited
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
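
The fallback policy discussed in the message above (a hardware failure is an error unless the coder, through a control command, or the user, through an environment variable, has allowed software fallback), as an added example that is not part of the original message, the patch, or OpenSSL. All function names and both environment variable names are assumptions, and `hw_ok` simulates the result of the hardware call.

```c
#include <stdlib.h>
#include <string.h>

/* All names are hypothetical; this is not OpenSSL or nCipher code. */
enum fb_policy { FB_UNSET = -1, FB_DENY = 0, FB_ALLOW = 1 };
enum op_class { OP_RSA = 0, OP_MODEXP = 1, OP_CLASSES = 2 };
enum op_result { OP_HW_OK, OP_SW_FALLBACK, OP_ERROR };

/* Per-class choice made by the coder through a control command. */
static enum fb_policy ctrl_policy[OP_CLASSES] = { FB_UNSET, FB_UNSET };

/* Assumed variable names, one per class so each is configured separately. */
static const char *const env_name[OP_CLASSES] = {
    "EXAMPLE_ENGINE_RSA_FALLBACK", "EXAMPLE_ENGINE_MODEXP_FALLBACK"
};

/* Stand-in for the ENGINE control command. */
void engine_ctrl_set_fallback(enum op_class c, int allow)
{
    ctrl_policy[c] = allow ? FB_ALLOW : FB_DENY;
}

/* Only the exact value "1" opts in; unset or anything else means deny. */
int env_value_allows(const char *v)
{
    return v != NULL && strcmp(v, "1") == 0;
}

/* Explicit control setting wins, then the environment default, else deny. */
int fallback_allowed(enum op_class c)
{
    if (ctrl_policy[c] != FB_UNSET)
        return ctrl_policy[c] == FB_ALLOW;
    return env_value_allows(getenv(env_name[c]));
}

/* hw_ok simulates whether the hardware call succeeded. */
enum op_result do_operation(enum op_class c, int hw_ok)
{
    if (hw_ok)
        return OP_HW_OK;
    /* Fail closed: without a blessing, surface the hardware error. */
    return fallback_allowed(c) ? OP_SW_FALLBACK : OP_ERROR;
}
```

With nothing configured, a failed hardware call yields `OP_ERROR`; allowing fallback for one class leaves the other class failing closed.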
