[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7877) please make gcrypt optional with newer gnutls

On Mon, Jun 30, 2014 at 5:05 AM, Howard Chu <hyc@symas.com> wrote:
> The only reason GnuTLS support exists in OpenLDAP is because of Debian.
> Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that
> crap out.

Sounds good to me. So a patch that removes gcrypt entirely looks like:


(I assume the explicit threading setup is important, if not maybe the
gnutls_global_set_mutex part could be removed too...)

That requires gnutls 2.12.0 or newer, so then I think we can also
remove the compatibility code for older versions:


> Just tell us at which version of GnuTLS you switched to nettle and we'll make
> that the minimum supported version.

Debian builds gnutls with nettle starting from 3.0.0. The API used in
tls_g.c is all backend agnostic though. I tried with 2.12.20 (with
gcrypt backend) and everything looks fine in slapd and clients
including the threading setup. I think 2.12.0 as minimum version would
be fine, and then nettle vs gcrypt only matters for smbk5pwd users.

Thanks for considering my patches.