On Mon, Apr 11, 2016 at 06:21:39PM +0100, Alex Bligh wrote:
> Wouter,
>
> I had a bit more of a think about this.
>
> On 11 Apr 2016, at 07:07, Wouter Verhelst <[email protected]> wrote:
>
> > I'm going to reply to this series in more detail later (have to go to
> > work soon), but some quick notes for now:
> >
> > - I'm not sure I like the idea of having a proxy to do TLS *at the
> > server side*, although I do agree that there's an upside of "more
> > shared code with client". To be discussed (and I have some more
> > thoughts on this that I don't currently have the time to write down).
>
> Doing it without a proxy server side is actually going to be a
> pretty extensive change. It's not only wrapping read() etc., but
> being aware of the different semantics of the TLS library.
> GnuTLS is (fortunately) far less difficult than openssl here,
> but this is a large task. It could be done, but isn't for the
> faint hearted. The advantage of the (very symmetrical) proxy
> is we only have one bit of code to debug.
See my background in other mail (which I wrote during lunch, but
apparently got stuck on my laptop until just now)
[...]
> > and should probably use
> > PKG_CHECK_MODULES rather than AC_CHECK_LIB.
>
> Not sure that's a great idea. This introduces a dependency
> on pkg-config which (as far as I can tell) doesn't currently
> exist. I'm not sure what pkg-config would buy us here, and
Mostly that it's easier on the user:
- Does better dependency tracking than just testing if the library
exists and/or can be compiled against
- Produces error messages when things fail that are easier to parse than
the default AC_CHECK_LIB stuff, and which includes instructions of
things to try when the library can't be found.
- Is easy to compile and link against a library that is installed in a
nonstandard location (no "./configure
--with-lib-X=/opt/weirdpath/lib/libfoo.so
--with-lib-Y=/opt/weirdpath/lib/libbar.so" etc, you just say
"PKG_CONFIG_PATH=/opt/weirdpath/lib/pkgconfig ./configure" and you're
done)
In addition to all of the above, it also buys us compile-time version
checking with easy to understand syntax.
I should migrate the glib usage to PKG_CHECK_MODULE too, just haven't
gotten around to it.
[...]
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Nbd-general mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nbd-general
