Bug#996978: libsrtp2-1: OpenSSL
Jonas Smedegaard
jonas at jones.dk
Fri Oct 22 20:01:18 BST 2021
Hi Alexander,
Quoting Alexander Traud (2021-10-21 21:42:10)
> One year ago [1], you enabled NSS as crypto library. With that AES-GCM
> and AES-NI are possible. However, libSRTP can be built with NSS or
> OpenSSL. You played around with OpenSSL six years ago [2]. Do you
> remember why it failed? Curl has several packages [3], the default for
> OpenSSL and an alternative package for NSS. Is something like this
> possible with your libsrtp2 package?
>
> [1] <https://salsa.debian.org/pkg-voip-team/libsrtp2/-/commit/afd2a46>
> [2] <https://salsa.debian.org/pkg-voip-team/libsrtp2/-/commit/d79666e>
> [3] <https://packages.ubuntu.com/source/impish/curl>
Linking with OpenSSL didn't fail in itself, but licensing of OpenSSL is
tricky and (as I recall) some consumers of libsrtp had licensing
incompatible with OpenSSL and the only real use back then (as I vaguely
recall) was for a randum number function which got deprecated due to
relying on private OpenSSL symbols.
Yes, it is indeed possible to have the packaging build the code multiple
times, linked against varying TLS engines, and then provide each as a
separate package. That is extra work, however, and I am not aware of
any concrete need for that.
Do you see a concrete use for alternate TLS enginge linkage, then please
share more details on that. Otherwise I will close this as a non-bug
(which is perfectly fine - I appreciate your asking regardless).
Kind regards,
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-voip-maintainers/attachments/20211022/ea163bec/attachment.sig>
More information about the Pkg-voip-maintainers
mailing list