On Sun, Jul 10, 2005 at 02:04:32PM +0900, Junichi Uekawa wrote : > > > > That said, I think too we should favor libgcrypt, because it has a > > > > lighter security record. > > > > > > I mailed him about that and SONAME versionning. > > > > I got his reply. As Junichi thought, he doesn't know about SONAME > > versionning. I pointed to him chapter 6 of the libtool manual. > > He said he's only using "basic cryptographic stuff from libcrypto, > > which are less likely to have security problems." As he has been > > approved by google's "Summer of Code", the next two months' work will > > only be functionnality adds. Changing cryptographic library is not a > > priority, but at queue of the TODO. > > You could do that kind of dirty work for him; I've started doing it. It's a bit difficult since I knew nothing about cryptography, but it's nearly finished. The main problem is that upstream use libcrypto functions for reading DSA and RSA private key files that have no equivalent in libgcrypt. I've started to look libcrypto source to see how they work, but it seems complicated. Should I try to understand libcrypto code and adapt it to libssh? Regards, -- Jean-Philippe Garcia Ballester
Attachment:
signature.asc
Description: Digital signature