On 8/16/06, Klaus Wagner <klaus@it-austria.net> wrote:
> On Mon, 2006-08-14 at 16:48 +0100, david reid wrote:
>
> > I've heard this a couple of times now, so while I had thought the
> > benefits spoke for themselves maybe they don't.
>
> As the regex encap. thread flames up I would like to know
> if anyone ever intended to encap. SSL Libraries in apr-util.
>
> The benefits would be far greater. gnutls and openssl could be
> included - maybe even microsofts crypto api. this would raise
> abilities for a) applications and b) httpd greatly which by now only
> supports openssl (if my understanding is correct).
>
> Openssl from a users view is quite hard to handle. There are several
> ways to initialize ciphers wrong, mess up the code with BIO structures
> and it gets even worse if nonblocking IO comes in.
>
> So the main benefit would be simplification and abstraction from BIO
> structures, beside the ability of using different backends.
>
> I know that this task would be complicated and I don't know if all
> crypto implementations have at least some similar functionalities
> that can be wrapped.

Initial implementations of ssl code have already been committed to
apr-util's trunk.

-garrett