Joe Orton wrote: > > ** Is the caller of this code expected to be crypto-toolkit agnostic or > not? I am struggling to imagine in Fedora, why we'd want to build > APR(-util) with support for *both* crypto toolkits at run-time. Why not > just pick one at build time, like every other project in the entire > world does?
They must be for using the API. If they want to then do something 'more' and address a toolkit directly, that's their perogative, but not something we should even get involved in or claim to support (same issue as svn bdb assumptions). Five practical illustrations related to httpd on win32 out of the box; * ht* support should not bind to/load into process the crypto/ssl libs, ever. Removing the ssl stub[s] due to local laws mustn't invalidate such programs. * user has desire to use ms crypto providers, support this, they must fight with their own registration of certs/keys in the registry. * user has desire to use openssl * user has desire to use openssl compiled as FIPS [these must be seperate libs, see recent [email protected] discussions] * user has 3rd party module using nss directly, seeks to avoid incompatibilities (note the libld platforms suffer much worse than win32 in this respect). I've seen this particular issue repeated year after year in new forms. Fedora is relatively homogeneous so I doubt it would benefit, but again we can offer the disable dso support flags for platforms who rather build in that manner.
