On 2014-03-12 06:40, Eliezer Croitoru wrote:
What about choosing between openssl and nettle?
Given a choice between those two nettle wins hands-down on API stability
and licensing grounds.
OpenSSL has licensing policy issues on Debian and derived systems, and
MacOS. RHEL and derived systems have a number of ongoing compatibility
issues that we have been fighting against for a long while. So we are
having to bundle our own copies of the crypto code to simply make Squid
work when OpenSSL is not able to be provided.
Using Nettle is most useful to remove that bundled code forced on us by
those uses of OpenSSL. Gaining access to more modern algorithms is a
bonus side effect.
If it is being used by GnuTLS it should be good for us too.
I have not seen this lib before in my short life.
If it's only MD5 and basic others I assume that it should be static
lib enough to allow us to depend on it without fearing someone
changing the API and the code too much.
FYI: the content index here shows the list of code it supplies:
http://www.lysator.liu.se/~nisse/nettle/nettle.html
3.5 is good for me and if we know how and where it is being used and
done a porting to 3.4 might be nice but only after real testing and
seeing that there is a benefit using this lib and not squid code.
Eliezer
On 10/03/2014 23:50, Amos Jeffries wrote:
Before I forge on ahead, does anyone have objections to adding it as a
build dependency of squid-3.5 and dropping our locally bundled crypto
code which overlaps?
Amos
Amos