Subject: Re: Patch to use aes_*_ctr in newer versions of OpenSSL and #if LIBSSH2_DSA for more DSA-code

Re: Patch to use aes_*_ctr in newer versions of OpenSSL and #if LIBSSH2_DSA for more DSA-code

From: Peter Stuge <peter_at_stuge.se>
Date: Mon, 1 Mar 2010 16:01:57 +0100

Lars Nordin wrote:
> SSH can be used without DSA, but will break the RFC. It's up to the
> enduser if he wants an SSH2 that break's the RFC (for me, the
> client i', building will only talk with a openssh-server compiled
> using the same OpenSSL-version (without DSA)

RFC compliance is really important for interoperability.

In a case such as yours, where you explicitly do not want wide
interoperability, non-compliance is of course fine.

But I think we must not silently build a non-compliant library, so at
the very least this needs to become a configure option;

--disable-rfc-compliance

maybe? The same knob might be used also for other things in the code.

//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-01

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]