[asterisk-dev] SHA1 and MD5 code?

Kevin P. Fleming kpfleming at digium.com
Thu Oct 13 07:32:34 CDT 2011


On 10/12/2011 05:22 PM, Paul Belanger wrote:
> On 11-10-12 05:57 PM, Jeffrey Ollie wrote:
>> On Wed, Oct 12, 2011 at 3:48 PM, Simon Perreault
>> <simon.perreault at viagenie.ca> wrote:
>>> On 2011-10-12 16:15, Jeffrey Ollie wrote:
>>>> Is there a really good reason to keep SHA1 and MD5 code in the
>>>> Asterisk source?
>>>
>>> You do know about the backdoor requirement, don't you?
>>
>> Well, yes of course, but by using OpenSSL we can use the same backdoor
>> that everyone else uses and we don't have to maintain our own :) :)
>>
> +1 for not having to maintain our own version (plus is keeps package
> maintainers happy). However, I'm not skilled enough to determine the
> impact to asterisk.

If someone wants to put together a patch for trunk, it's worth 
reviewing. I guess the real question is: what are our current 
dependencies on OpenSSL, and are the MD5 and SHA-1 operations used for
anything that doesn't also require OpenSSL?

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org



More information about the asterisk-dev mailing list