[Openswan dev] Removal of #ifdef X509 code completed
Ken Bantoft
ken at xelerance.com
Mon Mar 8 04:40:24 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Okay, some progress on this.
I talked with mcr this evening about this, as I was doing unrelated tree
surgery (freeswan.h -> openswan.h) and was going to do this next. He
raised the point of embedded systems without threads support (eg: ucLinux
on MIPS). He suggested a global -DHAVE_THREADS option (since we use them
in XAUTH code too, as -DXAUTH_PTHREADS).
The reason for the ifdefs is really to control the #include <pthread.h>
and $CC -lpthread compilation flags - I don't know another method of doing
it.
So I cleaned it all up, and changed the X509_FETCH to HAVE_THREADS, put it
into Makefile.inc as enabled by default for now, and updated the XAUTH
code to respect the new global variable too. So now people who are
building on embedded boxes without threads support are not left out in the
cold, and we can continue to use threads with a simple method to turn them
off if developers suspect we're running into pluto bugs. Hopefully this
makes everyone happy, and development can continue forward a bit quicker.
We might be able to remove a few of the HAVE_THREADS in the x509.c code,
but I'm not familiar enough the code/functions called to feel comfortable
changing it yet. Direction on this is welcome!
Ken
On Sun, 7 Mar 2004, Ken Bantoft wrote:
> --[PinePGP]--------------------------------------------------[begin]--
>
> Okay... I wasn't aware that crlcheckinterval=0 would "turn off" all of
> that code - I'll take another pass and remove some more stuff then.
>
> Ken
>
> On Sun, 7 Mar 2004, Andreas Steffen wrote:
>
> > Thanks Ken!
> >
> > Actually I don't understand why you need the #ifdef X509_FETCH
> > statements at all. If crlcheckinterval is set to 0 seconds
> > (which is the default setting) then no threads are started,
> > so there will be no concurrent processing. Just a couple of mutexes
> > are in place which should do no harm.
> >
> > Regards
> >
> > Andreas
> >
> > Ken Bantoft wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > >
> > > I've comitted changes in CVS to remove the #ifdef X509 code.
> > >
> > > #ifdef X509_FETCH is still in place at the moment, as it uses threads, and
> > > there is some belief that other parts of Openswan are not currently
> > > thread-safe. Hopefully we can get this resolved shortly.
> > >
> > > Note: I haven't fully tested it, but the regression tests will let me know
> > > Sunday morning if I missed anything.
> > >
> > >
> > > - --
> > > Ken Bantoft VP Business Development
> > > ken at xelerance.com Xelerance Corporation
> > > sip://toronto.xelerance.com http://www.xelerance.com
> > >
> > > The future is here. It's just not evenly distributed yet.
> > > -- William Gibson
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.2.1 (GNU/Linux)
> > >
> > > iD8DBQFASqfNPiOgilmwgkgRAoJzAKDAVl+fit2+3tqQpvw16oyK4fpAIACeJt1s
> > > co/is6oM0eMlARTLyFGPwmE=
> > > =IVOK
> > > -----END PGP SIGNATURE-----
> >
> > =======================================================================
> > Andreas Steffen e-mail: andreas.steffen at strongsec.com
> > strongSec GmbH home: http://www.strongsec.com
> > Alter Zürichweg 20 phone: +41 1 730 80 64
> > CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
> > ==========================================[strong internet security]===
> > _______________________________________________
> > Dev mailing list
> > Dev at lists.openswan.org
> > http://lists.openswan.org/mailman/listinfo/dev
> >
>
> --
> Ken Bantoft VP Business Development
> ken at xelerance.com Xelerance Corporation
> sip://toronto.xelerance.com http://www.xelerance.com
>
> The future is here. It's just not evenly distributed yet.
> -- William Gibson
>
> --[PinePGP]-----------------------------------------------------------
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpg: Signature made Sun 07 Mar 2004 05:01:22 PM CET using DSA key ID 59B08248
> gpg: Good signature from "Ken Bantoft (GPG Key) <ken at bantoft.org>"
> gpg: aka "Ken Bantoft (MDS Proteomics) <kbantoft at mdsp.com>"
> gpg: aka "Ken Bantoft (FreeS/WAN) <ken at freeswan.ca>"
> gpg: aka "Ken Bantoft (FreeS/WAN) <ken at freeswan.org>"
> gpg: aka "Ken Bantoft (Xelerance) <ken at xelerance.com>"
> gpg: aka "Ken Bantoft (Charon Consulting) <ken at charon.ca>"
> --[PinePGP]----------------------------------------------------[end]--
>
- --
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAS+srPiOgilmwgkgRAmpsAKCasZiOLZbNCqKK+OGrVAGxqBnh6gCgi6Jm
gyl+9etRRl5DfN9tyfnCDDU=
=FrQr
-----END PGP SIGNATURE-----
More information about the Dev
mailing list