httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject RE: location of md5, sha1, base64, and validate_password
Date Mon, 08 May 2000 13:31:48 GMT
I think the answer is blatently obvious...

ap.lib is dead.  Three modules... one (ap_hooks) not terribly 
portable from library to library within Win32:

ap_hooks -> apache's core (src/main), perhaps as util_hooks.

It is simply too application specific to Apache.

ap_sha1 / ap_base64 -> apr

This is truly generic code.  There are (mostly charset) portability
issues with this module, e.g. EBCDIC.  That makes them appropriate
to apr, if I'm not mistaken.  I agree sha1 *isn't* a very generic
function, so I wouldn't mind seeing it in the apache core (src/main).

There is nothing else left in ap.lib... why on earth would we
move anything to it :-)  I'm in agreement with Ryan's original 
choice to move ap_md5 to apr, and these choices follow logically.

Time to kill it?


> -----Original Message-----
> From: Life is hard, and then you die []
> Sent: Sunday, May 07, 2000 8:52 PM
> To:
> Subject: location of md5, sha1, base64, and validate_password
> I hate to bring up old discussions again, but I don't recall any
> satisfactory resolution.
> Currently we have md5 and validate_password in apr, and sha1 and
> base64 in ap. To bring validate_password up to date it needs
> access to both sha1 and base64 (this is for Netscape's algorithm).
> Apart from that, having md5 and sha1 in different parts is just
> stupid.
> Also note that nothing in apr depends on md5 on validate_password.
> And now that we have the ap_xlate stuff none of the involved
> functions have any system specific code in them (unless
> ap_MD5InitEBCDIC is meant to be called by something in apr).
> So, we need a resolution: either we move md5 and validate_password
> back to ap, or we move sha1 and base64 to apr.
> Votes?
> Which ever way, I'll do the changes.
>   Cheers,
>   Ronald

View raw message