[Opendnssec-develop] ldns, openssl and NSEC3 hashes

Jelte Jansen jelte at NLnetLabs.nl
Fri May 22 12:06:07 UTC 2009



Hi,

I've just cleaned up ldns for a --without-ssl configure option, but
unfortunately that means that everything that uses digests is also removed
(since those use the OpenSSL digest routines). Now normally this wouldn't be
much of a problem, since digests are mostly used in signing operations. However,
we also need them for NSEC3. So this would mean that the subprocesses sorter and
nsec3er also need to set up an hsm context and login etc., which seems a bit
overkill.

I think we have 3 options here:
- Just set up the context whenever anything cryptoey is needed (I've just done
  one example for this in the sorter)
- Simply allow the dependency on OpenSSL for digests and let ldns handle them
- Do them 'ourselves' (for instance through a C wrapper for Botan, on which we
  have a dependency already), perhaps as an addition to libhsm


Any thoughts?

Jelte
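To illustrate why the message treats NSEC3 as needing only a digest rather than an HSM session, here is an added example (not part of the original message and not ldns or OpenDNSSEC code) that computes the RFC 5155 NSEC3 owner-name hash with nothing but SHA-1. Python's hashlib stands in for whichever digest implementation is chosen, and the function names are hypothetical.

```python
import base64
import hashlib

# Map the standard base32 alphabet onto base32hex (RFC 4648 "extended hex"),
# which is the encoding NSEC3 uses for hashed owner names.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def name_to_wire(name: str) -> bytes:
    """Return the canonical (lowercased) DNS wire format of an owner name."""
    name = name.lower().rstrip(".")
    wire = b""
    if name:  # an empty string here means the root name
        for label in name.split("."):
            raw = label.encode("ascii")
            if not 1 <= len(raw) <= 63:
                raise ValueError(f"invalid label length in {name!r}")
            wire += bytes([len(raw)]) + raw
    wire += b"\x00"
    if len(wire) > 255:
        raise ValueError("owner name longer than 255 octets")
    return wire


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """RFC 5155 hash: IH(salt, x, 0) = H(x || salt), then re-hash k times."""
    if iterations < 0:
        raise ValueError("iterations must be non-negative")
    # "-" is the presentation-format marker for an empty salt.
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # A 20-byte SHA-1 digest encodes to exactly 32 characters, so no padding.
    encoded = base64.b32encode(digest).translate(_B32_TO_B32HEX)
    return encoded.decode("ascii").lower()


if __name__ == "__main__":
    # Zone parameters from the RFC 5155 Appendix A example zone.
    for owner in ("example", "a.example"):
        print(owner, nsec3_hash(owner, "aabbccdd", 12))
```

No private key or token login is involved at any step; the only inputs are the owner name and the public NSEC3 parameters (salt and iteration count).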
