According to Scott McDermott:
> Geoff Hutchison on Tue 12/06 19:37 -0400:
> > > There is a patch, I think it is ssl.3 or ssl.4, that you need to use
> > > in order for SSL to work. Why this isn't in the standard
> > > distribution, I have no idea.
> >
> > b) At the time 3.1.5 came out, it was unclear whether it was legal for
> > free software to link to an SSL implementation in the US. Since the
> > original author and myself happen to live in the US, that's a bit of a
> > problem.
>
> Well the patches were always available on the same US FTP sites if I
> recall, and personally I think that if laws went so far as to say you
> couldn't even hook into a separate library that you don't distribute and
> didn't write, I think I would very much enjoy breaking such a
> disturbing, ignorant law.
>
> But anyways the crypto situation in the US is much improved as of, I
> think some time in 1999 or 2000. You just have to put some dumb stuff
> like this:
>
> This site includes publicly available encryption source code
> which, together with object code resulting from the compiling of
> publicly available source code, may be exported from the United
> States under License Exception "TSU" pursuant to 15 C.F.R. Section
> 740.13(e).
>
> (see http://www.bxa.doc.gov/)
>
> on your site (although that's a pretty pointless requirement if you ask
> me; I sure wouldn't do it).
>
> Sorry if this has already been discussed, I'm jumping in in the middle
> it appears.
Well, bear in mind that 3.1.5 was released early in 2000, and we wanted
to get it out quickly to provide a fix for a rather nasty security hole.
If the crypto export restrictions had been lifted by then, I wasn't
aware of it at the time, and didn't have the time to figure out just
where things stood. I certainly wouldn't have let this hold up the
3.1.5 release, even if I was aware of it at the time. If I recall,
I only found out about the loosening of restrictions some time after.
I think Geoff and I are also a little less eager than you seem to be to
take on the US government. :-)
We also were, and still are, reluctant to introduce changes to the
stable release that will make it dependent on another 3rd party library.
Given the problems some users have been reporting with the ssl.4 patch,
I'm not eager to make these everybody's problem by incorporating SSL
support into the next 3.1.x release. We do have SSL support in the
latest 3.2 beta, and for now, I think that's still the best place for
it until it gets a good shakedown.
--
Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba Phone: (204)789-3766
Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930
_______________________________________________
htdig-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/htdig-dev
