From: "Ryan Bloom" <[EMAIL PROTECTED]> Sent: Sunday, September 23, 2001 4:16 PM
> On Sunday 23 September 2001 01:24 am, Mladen Turk wrote: > > > -----Original Message----- > > > From: Justin Erenkrantz [mailto:[EMAIL PROTECTED] > > > Sent: Sunday, September 23, 2001 12:51 AM > > > To: Mladen Turk > > > Cc: APR Dev List > > > Subject: Re: [PATCH] apr_password_validate with LIBEAY des_fcrypt support > > > > > > > Here is a patch that uses dso to load a libeay32.dll from > > > > > > openssl an enables > > > > > > > apr to validate a password using des_fcrypt. > > > > > > What happens if this dll is not available? I don't think we're > > > enforcing users to have OpenSSL. > > > > Nothing happens! > > It falls back to the original behavior if the dll coudn't be loaded at > > runtime. > > I dislike this. My concern is that if you take the same binary to 2 different > Windows machines, you will get two different results. I would prefer to just > have APR always use md5 hashes to protect passwords. We could basically > just document the des option as depricated, and only provided for backwards > compat with older systems. Huh? Are you suggesting that des is depricated on Win32, or _ALL_ platforms? > If we do this, then we shouldn't need DES on Windows. True.