Hello,
I would like to ask about the crypto backend used by freeipmi. Currently
it is using libgcrypt for AES cipher and digests. This library is less
used and less actively developed than other crypto libraries, which
makes one less confident using it. Other crypto libraries also have the
advantage of easier certification and better integration with system
crypto policies for users who care about this. I thus propose adding
support for another (better supported) crypto library. This would be
selected at compile time (no pluggable modules or anything runtime like
that).
Choices for the other library are GnuTLS or OpenSSL. For OpenSSL one
will find many more tutorials and examples as it is much more widely
used and many more people are more or less familiar with it, so I think
it should be the preferred choice. In the past its license used to be a
problem for GPL programs, but now it is relicensed to the Apache 2
License in part to make it directly compatible with GPLv3 programs, so
there is no problem there. But GnuTLS would be ok as well.
Have there been any plans for such a change? If not, what do you think
about it? If we reach an agreement on this, I can start working on the
change and send patches.
Best regards,
Pavel Cahyna
Red Hat