apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <...@covalent.net>
Subject Re: apr-util, crypto and openssl
Date Wed, 06 Jun 2001 23:06:26 GMT

I think the big reason for not ripping all the code out of Apache, is that
currently we don't require OpenSSL for a simple Apache install.  If we rip
all of the crypto code out of APR, then we do introduce that dependancy.
OpenSSL is a rather large dependancy for just md5.  :-)


On Thu, 7 Jun 2001, Sander Striker wrote:

> Hi all,
> As if we weren't having enough discussion on this list
> I'll throw in something else...
> Could we consider _removing_ all crypto related code
> from apr-util (and apr for that matter, since md5
> still lives there)? Reason for asking is that there
> already is an all purpose crypto library: openssl
> (like you didn't know that already...).
> This will mean introducing a dependency on openssl
> for applications, (and until md5 is replaced by something
> that provides randomness, apr too).
> If the apr style api is the reason for the code being
> in there I will understand, but I'd suggest a separate
> apr-crypto library (which effectively would be a thin
> wrapper of openssl).
> Last reason for removing the code: it prevents requirements
> driven fools like me from sending in patches that duplicate
> other work :-) Ben assured me that openssl is extremely
> portable, so that can't be the issue.
> Sander
> PS. I do have a crc32 patch laying about (isn't in openssl
>     or apr(-util) and it is pretty generic. I think it has
>     some use in projects other than ours, but I'm not sure).
>     Interested?

Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131

View raw message