division of code into libraries - openssl dependancy

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Dec 11 04:13:36 UTC 2002

> On Tue, 10 Dec 2002 Mark_Andrews at isc.org wrote:
> > 	libdst would be more appropriate.  You could then have a crypto
> > 	aware libdst and crypto unaware libdst instead of a crypto aware
> > 	libdns and a crypto unaware libdns.  However you would still need
> > 	to link against libcrypto even if the upper layers don't make use
> > 	of crypto when linking against the crypto aware libdst.
> A lot of the code in what would become libdst depends on other code in 
> libdns, leading to a circular dependency.

	Yes.  I was looking at that.  It could be done by spliting what is
	in lib/dns/sec/dst up and leaving part of it in libdns.  The remaining
	circular dependancies should not be a problem as the routines used
	are guarenteed to be linked in.

	The following would be in the library/libraries and dst_init etc.
	would handle ISC_R_NOTIMPLEMENTED returned from stub entrypoints
	when openssl / gssapi is not available.

	libdstgssapi (and libdstnogssapi?):
	gssapictx.o		*** need to check this one

	libdstcrypto (and libdstnocrypto?):

	However the more I look at this just having both versions of libdns
	available would suffice.  A stub libcrypto would allow the same
	executable to be sent with a crypto less libdns to those parts of
	the world where crypto is illegal.  Certian operation would just
	fail at runtime.

> > 	Pulling out all the crypto aware parts and putting them in a
> > 	seperate library would be extremely difficult.
> As would separating dst from libdns.  This did come up 2 or 3 years ago 
> when the crypto code was added, and the current method was agreed upon.
> I don't fully understand why using liblwres requires that you also 
> link in libdns.  Using lwres to get the common record types (A and PTR), 
> or even uncommon ones (KEY), return data that can be used directly by an 
> application with a basic description of the record format.  Even types 
> with DNS names aren't really a problem, since lwres only returns 
> uncompressed names.
> Brian

	Micheal is using libdns to convert the wire format to other
	formats and break up the rdata.  He could have also use libbind
	or libresolv or rolled his own.
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-workers mailing list