ssl
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller, LCMark
ssl
I was about to add sha512 support to complement sha1, but I notice that we're implementing our own functions instead of calling the ones in the openssl library. Is there a valid reason for that?
PowerDebug http://powerdebug.ahsoftware.net
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
Re: ssl
When we added sha1 I just followed the same pattern as md5 (by using an open source imp that was readily available - Scott implemented md5 by hand way back). This means they don't have a dependence on revsecurity - which these days probably doesn't matter so much anymore since the world is/has moved to ssl.
There's a pull request with a spec for digest functions I wrote a while ago here:
https://github.com/runrev/livecode/pull/1897
The main issue is choosing appropriate function names - sha256 / sha512 are somewhat ambiguous when you consider the current (1,2) and soon to come sha3 algorithms.
There's a pull request with a spec for digest functions I wrote a while ago here:
https://github.com/runrev/livecode/pull/1897
The main issue is choosing appropriate function names - sha256 / sha512 are somewhat ambiguous when you consider the current (1,2) and soon to come sha3 algorithms.
Re: ssl
I've looked over the pull request, and that all seems reasonable. I don't have strong opinions about the proposed syntax.
Looking at the build files in the libopenssl directory, it seems that we're grabbing the latest openssl library, and that's good. It's not clear to me what happens after that, though... when a standalone app is built are we just using links to whatever openssl library is installed on the target computer or are we bundling the openssl library from the build computer? If it's the latter, then standalone apps won't get security patches.
Looking at the build files in the libopenssl directory, it seems that we're grabbing the latest openssl library, and that's good. It's not clear to me what happens after that, though... when a standalone app is built are we just using links to whatever openssl library is installed on the target computer or are we bundling the openssl library from the build computer? If it's the latter, then standalone apps won't get security patches.
PowerDebug http://powerdebug.ahsoftware.net
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
Re: ssl
Hi,
But do StandAlones get patches now, actually?
Besides, I'm using libHash-Hmac by Mark Smith now, will this become obsolete? Will you be compatible with (other handler names at least)?
Thx, and have fun!
Sry that I interfere here, I'm by far not qualified.mwieder wrote:If it's the latter, then standalone apps won't get security patches.
But do StandAlones get patches now, actually?
Besides, I'm using libHash-Hmac by Mark Smith now, will this become obsolete? Will you be compatible with (other handler names at least)?
Thx, and have fun!
All code published by me here was created with Community Editions of LC (thus is GPLv3).
If you use it in closed source projects, or for the Apple AppStore, or with XCode
you'll violate some license terms - read your relevant EULAs & Licenses!
If you use it in closed source projects, or for the Apple AppStore, or with XCode
you'll violate some license terms - read your relevant EULAs & Licenses!