Subject: Re: Patch to use aes_*_ctr in newer versions of OpenSSL and #if LIBSSH2_DSA for more DSA-code

From: Lars Nordin <Lars.Nordin_at_sdlabs.se>
Date: Mon, 01 Mar 2010 16:15:06 +0100

On 2010-03-01 16:01, Peter Stuge wrote:
> Lars Nordin wrote:
>
>> SSH can be used without DSA, but will break the RFC. It's up to the
>> end user if he wants an SSH2 that breaks the RFC (for me, the
>> client I'm building will only talk with an openssh-server compiled
>> using the same OpenSSL-version (without DSA))
>>
> RFC compliance is really important for interoperability.
>
> In a case such as yours, where you explicitly do not want wide
> interoperability, non-compliance is of course fine.
>
> But I think we must not silently build a non-compliant library, so at
> the very least this needs to become a configure option;
>
> --disable-rfc-compliance
>
> maybe? The same knob might be used also for other things in the code.
>
>
> //Peter
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
>
>
It can be a better way; my usage is special and can have as many
configure options as needed :-). My point was that LIBSSH2 already
contained RFC-non-compliant code; what I did was to extend the usage to
fully compile the code without references to DSA. So the patch should be
applied, and then the next discussion: should the non-DSA usage for
LIBSSH2 have an extra configure option?

We should discuss the right things: not patches to fully use a compile
option, but the compile option.

/Lars
Received on 2010-03-01