[Openswan dev] nss/nspr4 warning and PLUTO_SENDS_VENDORID vs HAVE_LIBNSS
paul at xelerance.com
Wed Jan 6 13:18:37 EST 2010
On Tue, 5 Jan 2010, Avesh Agarwal wrote:
>> Alternatively, we could run the md5 on the version in our release script,
>> and generate a custom header of field with the md5 sum, so that the code
>> does not have to run an md5() call, but honestly, I find that really a
>> obfuscation that should not be needed.
> I also feel that is a bad way of implementation.
It seems it is the best solution though. Note that apart from our own
vendorid, we also calculate incoming vendorids using md5 calls in
What would need to happen to phase out md5 is:
- Create a vendorid string for Openswan, perhaps one that does not get md5'ed
- Create a static table of md5'ed older openswan version strings
- Convert the code in vendor.c/vendor.h to use static precomputed
tables of vendorid and md5(vendorid)
Though to complete this does take some effort, and I do not see us
doing that for openswan 2.6.24.
More information about the Dev