Douglas E. Engert wrote:
> I have noticed that Debian (and maybe others) have started to convert
> to using GnuTLS in some packages like OpenLDAP, for licensing reasons.
> (I spent too much time tracking down bugs and differences in nss and ldap
> because of this change.) So I would not suggest it at this time, but it
> is an option.

The GnuTLS API is horribly weird and not really documented in any way.
Don't replace OpenSSL with it.

> >> (D) Use some other crypto package?
> >
> > If there's anyone interested in reaping the code and hiding the
> > common cases behind an adapter API (sc_crypto_something) and THEN
> > implement the necessary hash and public key operations for a
> > library other than OpenSSL, it could be done.
> >
> > But changing OpenSSL to something else without a good
> > justification is not reasonable at the moment.

I strongly agree with Martin here.

I think it would be very nice to abstract crypto in OpenSC so that
providers other than OpenSSL could be used. For embedded small things
there are several crypto libraries to pick and choose from. Maybe
some code could even be included in OpenSC itself, but I don't see it
as a high priority.

As an example of what I mean, I've included Tom St Denis' SHA256 code
in a MySQL UDF. Very simple:

http://git.stuge.se/?p=mysql-sha256.git;a=blob;f=sha256.c

//Peter