[kea-dev] Building KEA on OpenBSD

Patrik Lundin patrik at sigterm.se
Wed Dec 9 22:56:45 UTC 2015


On Wed, Dec 09, 2015 at 08:56:10AM +0000, Francis Dupont wrote:
> 
> => as far as I know the Kea OpenSSL option is compatible with LibreSSL
> but it is not checked by Jenkins, and not on last versions of OpenBSD
> so please warn if (when?) it will be no longer the case.
> 

I guess this is one reason to stick with LibreSSL, to verify it keeps
working.

> 
> => Botan is C++ when OpenSSL and LibreSSL are C so if you have
> the choice Botan is better. Now most of the OpenSSL short comings
> are supposed to have been removed from LibreSSL. And Kea uses only
> very basic features (hash and hmac).
> 

Since it means, among other things, one less dependency on ports I lean
towards using LibreSSL.

> 
> => The OpenSSL option was added because there is no "certified" version
> of Botan so it blocked Kea on some platforms. The plan is to support
> both Botan and OpenSSL/LibreSSL for Kea (*).
> 

I don't personally care much for certifications, but it is nice to know
you plan to support both libraries for the foreseeable future.

> 
> PS (*): it is possible we remove the support of obsolete OpenSSL 0.9.8
> versions after Kea 1.0 release, both because these versions won't be
> supported by OpenSSL after this december, and because the HMAC API
> was fixed in OpenSSL >= 1.0.0 (and of course LibreSSL). As far as I know
> the only impacted system should be Apple OS X where IMHO the "system"
> OpenSSL should not be used anyway.
>

Thanks for taking the time to answer my questions, much appreciated :).

-- 
Patrik Lundin


More information about the kea-dev mailing list