[asterisk-dev] SHA1 and MD5 code?

Tilghman Lesher tilghman at meg.abyt.es
Thu Oct 13 15:45:07 CDT 2011


On Thu, Oct 13, 2011 at 12:20 PM, Simon Perreault
<simon.perreault at viagenie.ca> wrote:
> On 2011-10-13 13:04, Tilghman Lesher wrote:
>>> If someone wants to put together a patch for trunk, it's worth reviewing. I
>>> guess the real question is: what are our current dependencies on OpenSSL,
>>> and are the MD5 and SHA-1 operations used for
>>> anything that doesn't also require OpenSSL?
>>
>> In answer to the second question, yes.  MD5 is used both by HTTP as well
>> as AMI for non-plaintext authentication, without requiring the use of OpenSSL.
>
> OpenSSL may be the most ubiquitous library ever.

Really?  I would have considered libc to be the most ubiquitous.

> I only see advantages in using it for SHA1 and MD5.

An extra dependency is an extra dependency.  We've tried to limit the number
of dependencies that Asterisk has.  Now, something that could be done that
would be welcome would be to detect whether the OpenSSL library was
available; if it was, we would use it and remove the MD5/SHA1 code from the
link step.  Debian contributed a patch that does this similarly with the libgsm
code.



More information about the asterisk-dev mailing list