[Date Prev][Date Next]
Re: (ITS#7877) please make gcrypt optional with newer gnutls
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7877) please make gcrypt optional with newer gnutls
- From: firstname.lastname@example.org
- Date: Tue, 1 Jul 2014 03:24:25 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> On Mon, Jun 30, 2014 at 5:05 AM, Howard Chu <email@example.com> wrote:
>> The only reason GnuTLS support exists in OpenLDAP is because of Debian.
>> Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that
>> crap out.
> Sounds good to me. So a patch that removes gcrypt entirely looks like:
> (I assume the explicit threading setup is important, if not maybe the
> gnutls_global_set_mutex part could be removed too...)
> That requires gnutls 2.12.0 or newer, so then I think we can also
> remove the compatibility code for older versions:
>> Just tell us at which version of GnuTLS you switched to nettle and we'll make
>> that the minimum supported version.
> Debian builds gnutls with nettle starting from 3.0.0. The API used in
> tls_g.c is all backend agnostic though. I tried with 2.12.20 (with
> gcrypt backend) and everything looks fine in slapd and clients
> including the threading setup. I think 2.12.0 as minimum version would
> be fine, and then nettle vs gcrypt only matters for smbk5pwd users.
> Thanks for considering my patches.
Committed to master. I've also added a check for 2.12.0 to the configure script.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/