[gnutls-dev] OpenCDK comments

Simon Josefsson simon at josefsson.org
Sun Apr 22 09:36:47 CEST 2007

Timo Schulz <twoaday at gmx.net> writes:

> Simon Josefsson wrote:
>> * Can't we officially deprecate keygen.c and its interfaces, in the
>>   same way that the trustdb.c interfaces have been deprecated?  I'd
> I'm not sure if we share the same opinion or if we even talk about
> the same thing. OpenCDK is a general library and not only for the use
> in GnuTLS. At least that's what I planned. I'm not sure if it is used
> in the real world, but I plan to make a public release soon.

Ok, I understand.  Still, the comment in keygen.c says:

/* WARNING: The key generation code is very old and probably needs
            a lot of adjustments and changes. Please avoid it for now
            if possible. */

That doesn't inspire confidence in the code...

>> * I'd recommend that we use gnulib for CRC, Base64, several misc.c
>>   functions, etc.
> For the mingw32 build the gnulib would be linked static? Right now
> opencdk depends on gcrypt, gpg-error and 'z' and to increase the
> amount of libs can be burdensome for the w32 port. My idea was to
> keep the library tight and small to avoid too many dependencies.
> We could use libgcrypt for the CRC stuff. The base64 code is IMHO
> not that much and there are also very limited misc functions.
> You might have seen I removed the vasprintf code. Now it's only
> a case-insensitive version of strstr.

Gnulib isn't an external dependency, it is included in gl/, see the
0.5.x branch of OpenCDK and <http://www.gnu.org/software/gnulib/>.  It
can help with many portability problems, especially on mingw32.  It is
good to remove vasprintf etc, but some things may still be required.

>> * Where is stream-socket.c used?  keyservers?  Maybe it could be
>>   removed too, if keyserver stuff is removed.
> I might have the impression that you think of opencdk as a library
> which is *only* used for GnuTLS. Is it a problem that OpenCDK is a
> general library and also provides interfaces which are not used by GnuTLS?

No, it shouldn't be.  Perhaps the copy of OpenCDK inside GnuTLS can be
made smaller, without e.g. the keyserver files, because those have
caused compilation problems in the past.  I'll look into that.

