Re: [RFC] use libnettle for crypto

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 12 Mar 2014 10:15:00 +1300

On 2014-03-12 06:40, Eliezer Croitoru wrote:
> What about choosing between openssl and nettle?

Given a choice between those two, nettle wins hands down on API stability
and licensing grounds.

OpenSSL has licensing policy issues on Debian and derived systems, and
MacOS. RHEL and derived systems have a number of ongoing compatibility
issues that we have been fighting against for a long while. So we are
having to bundle our own copies of the crypto code to simply make Squid
work when OpenSSL is not able to be provided.

Using Nettle is most useful to remove that bundled code forced on us by
those uses of OpenSSL. Gaining access to more modern algorithms is a
bonus side effect.

> If it is being used by GnuTLS it should be good for us too.
> I have not seen this lib before in my short life.
> If it's only MD5 and basic others I assume that it should be static
> lib enough to allow us depend on it without fearing from someone
> changing the api and the code too much.

FYI: the content index here shows the list of code it supplies:
   http://www.lysator.liu.se/~nisse/nettle/nettle.html

>
> 3.5 is good for me and if we know how and where it is being used and
> done a porting to 3.4 might be nice but only after real testing and
> seeing that there is a benefit using this lib and not squid code.
>
> Eliezer
>
> On 10/03/2014 23:50, Amos Jeffries wrote:
>>
>> Before I forge on ahead, does anyone have objections to adding it as a
>> build dependency of squid-3.5 and dropping our locally bundled crypto
>> code which overlaps?
>>
>> Amos

Amos
Received on Tue Mar 11 2014 - 21:15:08 MDT
