[Dnsmasq-discuss] Does DNSSEC require nettle and gmp, or nettle with gmp?

Albert ARIBAUD albert.aribaud at free.fr
Wed Mar 26 09:50:32 UTC 2014


Le 26/03/2014 10:16, Olaf Westrik a écrit :
> On 2014-03-25 23:22, Lonnie Abelbeck wrote:
>>
>> On Mar 25, 2014, at 4:52 PM, Simon Kelley wrote:
>>>
>>> Do you want openSSL instead of Nettle? If so, why?
>>>
>>> Cheers,
>>>
>>> Simon.
>>
>> I would prefer OpenSSL support.
>>
>> As a developer for a cross-compiled x86 open source project (AstLinux)
>> building and maintaining additional libraries (particularly crypto) is
>> not ideal when so many packages already require OpenSSL.
>>
>> We also try to keep the "bloat" out as much as possible, our
>> compressed images are around 40 MB in size.
>>
>> Your excellent dnsmasq is one of our core packages, it would be our
>> preference if it also supported the time tested OpenSSL shared libraries.
>>
>> Obviously using Nettle is not a deal breaker, but I think OpenSSL vs.
>> Nettle is a good discussion to have.
>
>
> I happen to be in a similar position as Lonnie.
> Since we use packages that use OpenSSL (Apache, OpenVPN, wget, Perl
> SSLeay), we already ship the openssl libraries and not nettle.
>
> Surely the addition of nettle, statically linked if need be, is not
> something that will double the size of our image. I am more concerned
> with the addition of yet another software package that needs to be
> monitored.
>
>
> If the license issue can be solved, would it be an option to use either
> nettle or openssl depending on something like make -DUSE_NETTLE or make
> -DUSE_OPENSSL?

Seconded (albeit not as a packager, but as an end user occasionally 
building dnsmasq), except I would prefer something along the lines of 
-DCRYPTOLIB=OPENSSL / -DCRYPTOLIB=NETTLE.

> Olaf

Amicalement,
-- 
Albert.



More information about the Dnsmasq-discuss mailing list