Hi Kevin, Today kevin brintnall wrote:
> On Wed, Apr 08, 2009 at 10:31:16PM -0500, kevin brintnall wrote: > > Thoughts on what to do when we can't find an installed MD5/SHA1 > > implementation? Should we allow fallback to clear-text passwords, or > > bundle our own implementation? > > Tobi et al, > > I'm considering making a "soft" dependency on OpenSSL for the rrdcached > auth code. If OpenSSL is found, we use their hash routines. If not, > disable authentication (basically, fall back to existing behavior). > > Most of the systems that would want to use rrdcached with authentication > will probably have OpenSSL libs+includes. Also, this opens the door for > encrypted transport at some future date if we decide to do so. > > For systems with no OpenSSL.. I don't think re-implementing our own hash > routines, or shipping a workalike is a better solution. > > Thoughts? I agree openssl is widly available, and the encryption prospect is certainly attractive, the only thing I am wondering about are embedded appliances (ARM based things and such) do they in general include openssl. The same for non free unix systems ... There is gpl2 sha1 code out there (http://polarssl.org/?page=show_source&type=source&file=sha1) which could be included with pretty minimal space impact ... cheers tobi > -- Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland http://it.oetiker.ch t...@oetiker.ch ++41 62 775 9902 / sb: -9900 _______________________________________________ rrd-developers mailing list rrd-developers@lists.oetiker.ch https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers