Bug#368297: About the libgcrypt and OpenLDAP issue

Werner Koch wk at gnupg.org
Fri Apr 19 08:36:07 UTC 2013


On Fri, 19 Apr 2013 09:22, hyc at symas.com said:

> Excuse me? By what measure is this correct? Certainly not by any
> published official documentation.

The correct solution is to let the application handle this.  But I don't
want to repeat this now.  "most correct" here means, it is not worse
than what GNUTLS or any other library might do in case requirements
(initialization of Libgcrypt) have not been met.

As a historic note let me add that Nikos, the GNUTLS author, once
approached me to find a way to avoid passing an initialization hook up to
the application.  After a lot of discussion we finally came up with this
INITIALIZATION_FINISHED_P hack.

> The OpenLDAP library doesn't want one thing or another at all. It
> simply is expected to use GnuTLS on Debian and it initializes it as
> documented.

Well, it also needs to initialize Libgcrypt.  But GNUTLS takes care of
it and tries to do the Right Thing if that has not been done.  Which
works in most cases.

> Frankly, speaking for the OpenLDAP Project, what we want is to delete
> all support for GnuTLS. It is, like Mozilla NSS, a poorly designed API

Split OpenLDAP into a daemon and a simple access library and things
would be more robust.  This also avoids the hard library dependencies
and the need for applications to runtime link to several versions of the
same library.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



More information about the Pkg-gnutls-maint mailing list