apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: APR: Portable across Operating Systems, or Libraries?
Date Sat, 24 Jan 2009 18:42:36 GMT
Graham Leggett wrote:
> 
> There are right now two implementations of the crypto API in apr_util,
> one for OpenSSL, and a second for Mozilla NSS.
> 
> I am keen to get a third implementation in there, native Windows crypto
> support (it would take the form of another optional module), but I don't
> have access to a Windows development environment.

Also keep in mind, you end up tied to the MS keystore, and maintaining the
data or designing the schema to access it will get, uhm, interesting.  There
is a good chance we would need an APR helper command for some of this.  Not
quite as easy as throwing a collection of key/cert files into a directory.

> When I have some time, we could potentially add gnutls support as well.
> 
> Right now the test cases for crypto test that data encrypted by module A
> can be successfully decrypted by module B: this is one of the key design
> goals of the apr_crypto interface: drop in any module relevant to the
> platform, and it should interoperate seamlessly with code running on
> other machines/architectures. As it turns out, interoperability between
> OpenSSL and NSS isn't very good, despite the fact they both are supposed
> to implement standards.

:)  For those interested in such things, also note that we (indirectly) have
additional crypto in support of LDAP.

Bill



Mime
View raw message