apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: svn commit: r597209 - in /apr/apr-util/trunk: CHANGES build/ssl.m4 include/apr_buckets.h include/apr_ssl.h include/private/apr_ssl_openssl_private.h ssl/apr_ssl_openssl.c ssl/apr_ssl_winsock.c
Date Fri, 23 Nov 2007 00:27:05 GMT
William A. Rowe, Jr. wrote:

> As a general observation, mod_ssl is a good example of library abuse; we
> really never leveraged it to do exactly what it does well, after sticking
> our fingers into every corner of the library at every layer.

Exactly, which is why the apr_evp interface is trying to do one thing 
and one thing well: encrypt and decrypt arbitrary strings.

There are some things that over the recent weeks I have found that 
OpenSSL doesn't do well, or at all (or that are undocumented), and the 
interface has been written and rewritten a number of times. Eventually I 
got tired of reinventing the thing based on my limited understanding of 
OpenSSL and decided to throw it to the wider and more knowledgeable 
audience here.

The library does not want to support every single feature of every 
single crypto API out there, but at the same time it doesn't want to 
throw arbitrary boulders in the way of getting stuff done. I hope to 
find a balance.

Fortunately the EVP interface seems pretty straightforward, I see no 
need for it to become big and unwieldy.


View raw message