Return-Path: 
 <dev-return-2473-apmail-apr-dev-archive=apr.apache.org@apr.apache.org>
Delivered-To: apmail-apr-dev-archive@apr.apache.org
Received: (qmail 17043 invoked by uid 500); 6 Jun 2001 23:07:10 -0000
Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:dev@apr.apache.org>
List-Help: <mailto:dev-help@apr.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@apr.apache.org>
List-Subscribe: <mailto:dev-subscribe@apr.apache.org>
Delivered-To: mailing list dev@apr.apache.org
Received: (qmail 17002 invoked from network); 6 Jun 2001 23:07:09 -0000
Message-ID: <3482305AF0F6CF469ED45C0D48FAFCF7091FF47D@cnet48.cnet.com>
From: Ian Holsman <IanH@cnet.com>
To: "'Sander Striker'" <striker@samba-tng.org>, dev@apr.apache.org
Subject: RE: apr-util, crypto and openssl
Date: Wed, 6 Jun 2001 16:06:37 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

Hi Sander,
I have an issue with installing open-ssl on machines.
from their home page:

This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world. 

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. 

what this means is that if I want to install a web server in china or india (where CNET have offices) we will need to get
a lawyer involved.


> -----Original Message-----
> From: Sander Striker [mailto:striker@samba-tng.org]
> Sent: Wednesday, June 06, 2001 4:09 PM
> To: dev@apr.apache.org
> Subject: apr-util, crypto and openssl
> 
> 
> Hi all,
> 
> As if we weren't having enough discussion on this list
> I'll throw in something else...
> 
> Could we consider _removing_ all crypto related code
> from apr-util (and apr for that matter, since md5
> still lives there)? Reason for asking is that there
> already is an all purpose crypto library: openssl
> (like you didn't know that already...).
> 
> This will mean introducing a dependency on openssl
> for applications, (and until md5 is replaced by something
> that provides randomness, apr too).
> 
> If the apr style api is the reason for the code being
> in there I will understand, but I'd suggest a separate
> apr-crypto library (which effectively would be a thin
> wrapper of openssl).
> 
> Last reason for removing the code: it prevents requirements
> driven fools like me from sending in patches that duplicate
> other work :-) Ben assured me that openssl is extremely
> portable, so that can't be the issue.
> 
> Sander
> 
> PS. I do have a crc32 patch laying about (isn't in openssl
>     or apr(-util) and it is pretty generic. I think it has
>     some use in projects other than ours, but I'm not sure).
>     Interested?
> 
>