[Originally sent by John, all I'm doing is forwarding it to our ticket
database to make sure it gets included.  -- Richard Levitte]

Hi Richard,

   Thanks for taking a look at this.

> [guest - Thu Oct  6 11:55:10 2005]:
>
> >   This stops our engine working with the openssl application (as it
>  > registers a lock debugging callback) and Apache 2.x (and other apps
>  > too no doubt)
>
> That's because those applications don't set up callbacks for the
>  dynamic locks.  The correct thing to do is to talk with the 
> application
>  authors and tell them that there are new requirements to make engines
>  work.

   Unfortunately we do not have relationships with all of the 
application developers for the applications that our customers use, so 
this is not possible.  We shall certainly apply pressure in this 
direction where we can.

   On that note, is there a plan to update the apps/openssl application 
to not use the static lock callback for lock debugging?

> > or is there something else that we could do instead to allow our
>  > engine to work with static locks?  It seems that the dynamic locks
>  > are rarely used.
>
> Yes, it's true, they are rarely use...  currently.  However, I really
>  would encourage people to use them more, as they are a bit more
>  flexible than the static locks.  Ideally, OpenSSL should probably move
>  to dynamic locks entirely, which would make maintainance quite a bit
>  easier.

   The dynamic locks are clearly a much better solution and removing 
them from openssl will force all applications to move , which would be 
a good thing in the long run.  Is there a plan to do this for any 
specific future release?

   Why is it that the static locks have not been removed completely for 
0.9.8?  If it is to keep some backward compatibility with older apps, 
or ones that see no reason to change,  would it not be preferable if 
the whole of openssl was compatible in this way, including the engines? 
  It seems a bit unfair on the end users who need hardware support for 
openssl to keep the interface, so the apps don't realise that they need 
to change, but to remove the engine support from these apps.

   I appreciate that the hack for our static lock was not pleasant, but 
it is no less pleasant than all the other static locks.  Are you sure 
we can't persuade you to put it back in until all static locks are 
removed?

   By the way, do you have an nCipher HSM for interop testing?

   Thanks again

-john

--
John Hartley
nCipher Ltd                                                     
http://www.ncipher.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to