Yo Mark!

On Fri, 27 Jan 2017 18:14:15 +0000
Mark Atwood <fallenpega...@gmail.com> wrote:

> If we are going to have an SSL dependency, I have a pretty strong
> preference towards WolfSSL

It may be the best, but it is not in Gentoo.  I suspect few distros have
it.  As we see from the libsodium mess, using non-standard libs is a
massive increase in difficulty.

> if we are going to have an OpenSSL dependency, it needs to be to the
> latest stable OpenSSL release.

We gotta support what crap users have.

> What would be using an SSL library for, that libsodium does not
> already provide?

That really needs an audit.  waf seems to check for a lot of openssl stuff
that is never used.

My quick check shows md5 and sha1.

And even though --enable-crypto is gone, there are still a lot of 
#ifdef HAVE_OPENSSL around.

> What all are we using libsodium right now for?

We use libsodium to read /dev/random, or whatever equivalent the OS
has.  libsodium does not support md5 or sha1.

OTOH, openssl does have RAND_bytes().  Why do we not use that, and get rid
of libsodium?  Most projects consider it good enough.

And, don't forget, libisc is still in the tree with its own copies of
md5 and sha1.  Nuke it!

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
