On Tue, 2011-04-26 at 13:59 -0400, Stephen Gallagher wrote: > On Tue, 2011-04-26 at 11:01 +0200, Jakub Hrozek wrote: > > [PATCH 1/2] Require openssl-devel is libcrypto backend is selected > > > > I've changed the configure flags a little. The previous --enable-crypto > > sounded like something you should enable to get the functionality > > compiled in rather than a selection of alternative crypto back end. > > > > https://fedorahosted.org/sssd/ticket/844 > > > > [PATCH 2/2] BUILD.txt: Warn that all crypto features are implemented > > > > Note that the recommended default is NSS. > > > Nack. > > Please add a warning in the configure script as well when using > libcrypto. No one EVER reads the BUILD.txt. > > Have you tested whether functionality works with libcrypto at all? What > happens when cache_passwords = true? Do we store them plaintext or fail > entirely? Is it a graceful failure? > > I'm honestly not sure there's a good reason to allow the use of > libcrypto at all at this point. I think we should consider disabling it > (not removing it) until and unless someone else decides to maintain it.
Also, 'make check' fails if --with-crypto=libcrypto is used with: Running suite(s): sss_crypto 0%: Checks: 1, Failures: 1, Errors: 0 ../src/tests/crypto-tests.c:69:F:sss crypto tests:test_encrypt_decrypt:0: Failure 'ret != EOK' occured FAIL: crypto-tests
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
