division of code into libraries - openssl dependency
Mark_Andrews at isc.org
Wed Dec 11 04:13:36 UTC 2002
> On Tue, 10 Dec 2002 Mark_Andrews at isc.org wrote:
> > libdst would be more appropriate. You could then have a crypto
> > aware libdst and crypto unaware libdst instead of a crypto aware
> > libdns and a crypto unaware libdns. However you would still need
> > to link against libcrypto even if the upper layers don't make use
> > of crypto when linking against the crypto aware libdst.
> A lot of the code in what would become libdst depends on other code in
> libdns, leading to a circular dependency.
Yes. I was looking at that. It could be done by splitting what is
in lib/dns/sec/dst up and leaving part of it in libdns. The remaining
circular dependencies should not be a problem as the routines used
are guaranteed to be linked in.
The following would be in the library/libraries and dst_init etc.
would handle ISC_R_NOTIMPLEMENTED returned from stub entrypoints
when openssl / gssapi is not available.
libdstgssapi (and libdstnogssapi?):
    gssapictx.o *** need to check this one
libdstcrypto (and libdstnocrypto?):
However the more I look at this just having both versions of libdns
available would suffice. A stub libcrypto would allow the same
executable to be sent with a crypto-less libdns to those parts of
the world where crypto is illegal. Certain operations would just
fail at runtime.
> > Pulling out all the crypto aware parts and putting them in a
> > separate library would be extremely difficult.
> As would separating dst from libdns. This did come up 2 or 3 years ago
> when the crypto code was added, and the current method was agreed upon.
> I don't fully understand why using liblwres requires that you also
> link in libdns. Using lwres to get the common record types (A and PTR),
> or even uncommon ones (KEY), returns data that can be used directly by an
> application with a basic description of the record format. Even types
> with DNS names aren't really a problem, since lwres only returns
> uncompressed names.
Micheal is using libdns to convert the wire format to other
formats and break up the rdata. He could have also used libbind
or libresolv or rolled his own.
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
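
The stub-entrypoint arrangement described in the message above, as an added sketch that is not BIND's code and not part of the original post: an init routine tolerates a "not implemented" result from stub backends, and operations on those algorithms then fail at runtime. All names here (result_t, backend_t, demo_init, demo_sign, the ALG_* values) are hypothetical.

```c
#include <stddef.h>

/* Hypothetical result codes, modelled on the ISC_R_* name in the message. */
typedef enum { R_SUCCESS, R_NOTIMPLEMENTED, R_UNSUPPORTEDALG } result_t;
enum { ALG_BUILTIN, ALG_CRYPTO, ALG_GSSAPI, ALG_MAX };

/* Entry points for one algorithm family. */
typedef struct {
    result_t (*init)(void);
    result_t (*sign)(const unsigned char *data, size_t len, unsigned *sig);
} backend_t;

/* Stand-in for code that needs no external library: a toy checksum, not a MAC. */
static result_t builtin_init(void) { return R_SUCCESS; }
static result_t builtin_sign(const unsigned char *d, size_t n, unsigned *sig) {
    unsigned acc = 0;
    for (size_t i = 0; i < n; i++) acc = acc * 31u + d[i];
    *sig = acc;
    return R_SUCCESS;
}

/* Stubs linked in when the crypto or GSSAPI library is absent. They never report success. */
static result_t stub_init(void) { return R_NOTIMPLEMENTED; }
static result_t stub_sign(const unsigned char *d, size_t n, unsigned *sig) {
    (void)d; (void)n; (void)sig;
    return R_NOTIMPLEMENTED;
}

static const backend_t backends[ALG_MAX] = {
    [ALG_BUILTIN] = { builtin_init, builtin_sign },
    [ALG_CRYPTO]  = { stub_init, stub_sign },
    [ALG_GSSAPI]  = { stub_init, stub_sign },
};
static int supported[ALG_MAX];

/* NOTIMPLEMENTED marks the algorithm unavailable; any other failure aborts init. */
result_t demo_init(void) {
    for (int a = 0; a < ALG_MAX; a++) {
        result_t r = backends[a].init();
        if (r != R_SUCCESS && r != R_NOTIMPLEMENTED) return r;
        supported[a] = (r == R_SUCCESS);
    }
    return R_SUCCESS;
}

/* Unsupported algorithms fail closed and leave the caller's output untouched. */
result_t demo_sign(int alg, const unsigned char *d, size_t n, unsigned *sig) {
    if (alg < 0 || alg >= ALG_MAX || !supported[alg]) return R_UNSUPPORTEDALG;
    return backends[alg].sign(d, n, sig);
}
```

The property to keep when stubbing security code this way is that a stub returns an error on every path, so a missing library can never be mistaken for a successful signature or verification.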