[kea-dev] Building KEA on OpenBSD

Francis Dupont fdupont at isc.org
Wed Dec 9 08:56:10 UTC 2015

Patrik Lundin writes:
> One question has surfaced: the choice of crypto library. OpenBSD has
> LibreSSL (a fork of OpenSSL) in the base system, and this is picked up
> and used by the configure script.

=> as far as I know the Kea OpenSSL option is compatible with LibreSSL
but it is not checked by Jenkins, and not on last versions of OpenBSD
so please warn if (when?) it will be no longer the case.

> I know Kea can also use the Botan library. Do you have any preference as
> to what library is being used even though both are supported?

=> Botan is C++ when OpenSSL and LibreSSL are C so if you have
the choice Botan is better. Now most of the OpenSSL short comings
are supposed to have been removed from LibreSSL. And Kea uses only
very basic features (hash and hmac).

> Personally it seems nice to use the built in LibreSSL, but before
> chosing a path merely based on a gut feeling it seems reasonable to ask
> upstream :).

=> The OpenSSL option was added because there is no "certified" version
of Botan so it blocked Kea on some platforms. The plan is to support
both Botan and OpenSSL/LibreSSL for Kea (*).


Francis Dupont <fdupont at isc.org>

PS (*): it is possible we remove the support of obsolete OpenSSL 0.9.8
versions after Kea 1.0 release, both because these versions won't be
supported by OpenSSL after this december, and because the HMAC API
was fixed in OpenSSL >= 1.0.0 (and of course LibreSSL). As far as I know
the only impacted system should be Apple OS X where IMHO the "system"
OpenSSL should not be used anyway.

More information about the kea-dev mailing list