On Tue, Feb 9, 2010 at 5:57 PM, Jeff King <peff@xxxxxxxx> wrote:
> On Tue, Feb 09, 2010 at 04:13:26PM +0100, Erik Faye-Lund wrote:
>
>> On Tue, Feb 9, 2010 at 4:06 PM, Jeff King <peff@xxxxxxxx> wrote:
>> > On Tue, Feb 09, 2010 at 09:09:01PM +0900, Hitoshi Mitake wrote:
>> >
>> >> base64.c | 122 ++++++++
>> >> base64.h | 36 +++
>> >> md5.c | 600 +++++++++++++++++++++++++++++++++++++++
>> >> md5.h | 61 ++++
>> >> md5_hmac.c | 137 +++++++++
>> >> md5_hmac.h | 36 +++
>> >
>> > That's a lot of extra code. Doesn't imap-send already conditionally
>> > compile against openssl for starttls support? Can't we just get all
>> > three of these algorithms from openssl?
>> >
>>
>> I don't think OpenSSL includes SASL-support that is needed for
>> STARTTLS. But it might make sense to use something like GSASL[1]
>> instead of rolling all the SASL-mechanisms ourselves.
>
> Did you mean "SASL-support that is needed for CRAM-MD5"? The SASL needed
> for that is pretty simple. Hitoshi's patch 3/4 does all of that already
> in less than 100 lines. Using a "real" sasl library might get us more
> authentication methods than CRAM-MD5, but I don't know that anyone
> necessarily cares about them.
>

No, that's not what I meant. I agree that CRAM-MD5 should be
sufficient, but to be honest I'd already thought that once you have an
SSL connection, plaintext would also be sufficient. So I'm thinking of
this addition as a "hmpf, some server requires stuff that is really
over the top - perhaps we'll have this problem later with other
servers, and we'd be better off just using some well-tested
implementation". But that's kinda philosophical.

> But using openssl to replace the low-level routines in patches 1+2 would
> drop almost 1000 lines, and not significantly change his 3/4.
>
> Personally, I don't care either way about using a SASL library. It's an
> extra dependency, but one that is optional for this feature. But
> somebody will have to do the work to integrate it, whereas I think using
> openssl is only a few lines of change. If somebody wants to do that
> work, then great.
>

I agree.

-- 
Erik "kusma" Faye-Lund