[Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

Olaf Westrik weizen_42 at ipcop-forum.de
Wed Mar 26 09:16:19 UTC 2014


On 2014-03-25 23:22, Lonnie Abelbeck wrote:
>
> On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote:
>>
>> Do you want openSSL instead of Nettle? If so, why?
>>
>> Cheers,
>>
>> Simon.
>
> I would prefer OpenSSL support.
>
> As a developer for a cross-compiled x86 open source project (AstLinux) building and maintaining additional libraries (particularly crypto) is not ideal when so many packages already require OpenSSL.
>
> We also try to keep the "bloat" out as much as possible, our compressed images are around 40 MB in size.
>
> Your excellent dnsmasq is one of our core packages, it would be our preference if it also supported the time tested OpenSSL shared libraries.
>
> Obviously using Nettle is not a deal breaker, but I think OpenSSL vs. Nettle is a good discussion to have.


I happen to be in a similar position as Lonnie.
Since we use packages that use OpenSSL (Apache, OpenVPN, wget, Perl 
SSLeay), we already ship the openssl libraries and not nettle.

Surely the addition of nettle, statically linked if need be, is not 
something that will double the size of our image. I am more concerned 
with the addition of yet another software package that needs to be 
monitored.


If the license issue can be solved, would it be an option to use either 
nettle or openssl depending on something like make -DUSE_NETTLE or make 
-DUSE_OPENSSL?


Olaf



More information about the Dnsmasq-discuss mailing list