Re: (ITS#7877) please make gcrypt optional with newer gnutls
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7877) please make gcrypt optional with newer gnutls
- From: email@example.com
- Date: Mon, 30 Jun 2014 21:52:12 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)

On Mon, Jun 30, 2014 at 5:05 AM, Howard Chu <firstname.lastname@example.org> wrote:
> The only reason GnuTLS support exists in OpenLDAP is because of Debian.
> Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that
> crap out.

Sounds good to me. So a patch that removes gcrypt entirely looks like:

(I assume the explicit threading setup is important, if not maybe the
gnutls_global_set_mutex part could be removed too...)

That requires gnutls 2.12.0 or newer, so then I think we can also
remove the compatibility code for older versions:

> Just tell us at which version of GnuTLS you switched to nettle and we'll make
> that the minimum supported version.

Debian builds gnutls with nettle starting from 3.0.0. The API used in
tls_g.c is all backend agnostic though. I tried with 2.12.20 (with
gcrypt backend) and everything looks fine in slapd and clients
including the threading setup. I think 2.12.0 as minimum version would
be fine, and then nettle vs gcrypt only matters for smbk5pwd users.

Thanks for considering my patches.