division of code into libraries - openssl dependancy

Mark_Andrews at isc.org Mark_Andrews at isc.org
Tue Dec 10 01:30:46 UTC 2002

> Currently, there is:
> libisc
> libisccc
> libisccfg
> libdns
> liblwdns
> Useful uses of liblwdns requires libdns and libisc. libdns contains dst_*,
> which requires openssl. This makes programs that aren't doing any crypto at
> all depend upon openssl. Reducing dependancies on things that maybe either
> export/import controlled, or... buggy!... would be good.
> This is, for static linking, not a problem, since if the program doesn't use
> the crypto, it doesn't pull dst_* in. For dynamic linking, ironically, the
> program winds up bigger...
> I would like to propose that the dnssec functions be moved out of libdns,
> into libdnssec, perhaps.

	libdst would be more appropriate.  You could then have a crypto
	aware libdst and crypto unaware libdst instead of a crypto aware
	libdns and a crypto unaware libdns.  However you would still need
	to link against libcrypto even if the upper layers don't make use
	of crypto when linking against the crypto aware libdst.

	Pulling out all the crypto aware parts and putting them in a
	seperate library would be extremely difficult.

Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-workers mailing list