RE: OpenSSL

From: Igor Kopman <Igor.Kopman_at_DOMAIN_REMOVED>
Date: Wed, 8 Jun 2005 10:52:52 +0300

There will be problems with static builds on Solaris. Some libs on Solaris
are not meant to be used that way, and making a static build with them is
quite a tricky and unstable thing.

-----Original Message-----
From: Victor Kirhenshtein [mailto:victor_at_opticom.lv]
Sent: 7 June 2005 20:01
To: NetXMS Developers talks
Subject: Re: [netxms-dev] OpenSSL

So, I see three ways for us:

1. Implement our own encryption layer
2. Use OpenSSL only as a library of encryption methods, and do not use
the SSL protocol
3. Use the SSL protocol

If we use OpenSSL, it should be optional. If the library is not
present, the agent will be built without encryption support. Most likely
not all agents will require encryption. Also, I have started thinking about
"static" agents, i.e. when the agent, a set of standard subagents and system
libraries are built statically into one solid executable, suitable for
binary redistribution. With such agents, we can provide binary packages
for all major UNIXes (and with encryption support).

Any comments?

Victor

-----Original Message-----
From: Igor Kopman [mailto:Igor.Kopman_at_ctco.lv]
Sent: Monday, June 06, 2005 10:45 AM
To: NetXMS Developers talks
Subject: Re: [netxms-dev] OpenSSL

The library can be supplied WITH the agent. You need only to build it once on
each type of system.

-----Original Message-----
From: Victor Kirhenshtein [mailto:victor_at_opticom.lv]
Sent: 6 June 2005 10:19
To: NetXMS Developers talks
Subject: Re: [netxms-dev] OpenSSL

I haven't heard about any other GPL implementation of SSL.

About upgrade: even a binary package will need the SSL library installed on
the system. Not a problem in the case of Linux or FreeBSD, but for other
systems it can be.

-----Original Message-----
From: Igor Kopman [mailto:Igor.Kopman_at_ctco.lv]
Sent: Monday, June 06, 2005 10:13 AM
To: NetXMS Developers talks
Subject: Re: [netxms-dev] OpenSSL

Is there at least one SSL implementation under GPL(2) which has proved to be
at least as stable as OpenSSL?

Maybe it's worth it to extend "upgrade" scheme to: "deploy source
package here, if successful - copy binaries to other machines"?

-----Original Message-----
From: Victor Kirhenshtein [mailto:victor_at_opticom.lv]
Sent: 6 June 2005 9:57
To: NetXMS Developers talks
Subject: [netxms-dev] OpenSSL

Hi all!

Now we have to choose whether to use the OpenSSL library or not. Below I try to
summarize the pros and cons of using OpenSSL:

Positive:

1. Well-tested encryption algorithm implementations
2. Ready to use encryption layer
3. Possibility to use certificates for authentication

Negative:

1. OpenSSL is a huge library, and we need only a few percent of its
functionality
2. If we need encryption between server and agents, each
agent will be required to have the OpenSSL library installed (and the OpenSSL
development package for source distribution).
3. I heard about problems
with passing large chunks of data through OpenSSL, and NetXMS sometimes
uses very large messages.

Any comments?

Regards,
Victor
Received on Wed Jun 08 2005 - 10:52:52 EEST