From dev-return-16706-apmail-apr-dev-archive=apr.apache.org@apr.apache.org Sat Jun 24 18:39:57 2006 Return-Path: Delivered-To: apmail-apr-dev-archive@www.apache.org Received: (qmail 46649 invoked from network); 24 Jun 2006 18:39:57 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 24 Jun 2006 18:39:57 -0000 Received: (qmail 86290 invoked by uid 500); 24 Jun 2006 18:39:56 -0000 Delivered-To: apmail-apr-dev-archive@apr.apache.org Received: (qmail 86243 invoked by uid 500); 24 Jun 2006 18:39:56 -0000 Mailing-List: contact dev-help@apr.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Id: Delivered-To: mailing list dev@apr.apache.org Received: (qmail 86232 invoked by uid 99); 24 Jun 2006 18:39:56 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jun 2006 11:39:56 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [207.155.252.12] (HELO sheffield.cnchost.com) (207.155.252.12) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 24 Jun 2006 11:39:55 -0700 Received: from [192.168.0.152] (nmd.espia.phl.wayport.net [64.134.2.42]) by sheffield.cnchost.com (ConcentricHost(2.54) Relay) with ESMTP id 15AEA3A12; Sat, 24 Jun 2006 14:39:33 -0400 (EDT) Message-ID: <449D86E7.3020403@rowe-clan.net> Date: Sat, 24 Jun 2006 13:39:35 -0500 From: "William A. Rowe, Jr." User-Agent: Thunderbird 1.5.0.4 (X11/20060614) MIME-Version: 1.0 To: david reid CC: James Mansion , Jeff Trawick , dev@apr.apache.org Subject: Re: [PROPOSAL/PATCH] add ssl sockets References: <449D13FA.4010102@jetnet.co.uk> In-Reply-To: <449D13FA.4010102@jetnet.co.uk> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N david reid wrote: > James Mansion wrote: >> What's wrong with just using OpenSSL BIOs anyway? > > Nothing, but why layer upon layer when there is no real need? Also keep in mind that we *should* be able to link against netscape's SSL API invisibly; but building in sophisticated BIO related features would be fine for RSA SSLC or OpenSSL, but would stink when it comes to using other SSL implementations. I see every modern crypto provider supporting the API David's proposed, and the SHA/MD5 hashing I'm about to propose. The more 'special features' of one provider we define, the more code we will have to write when those API's are not present.