[Openswan dev] nss/nspr4 warning and PLUTO_SENDS_VENDORID vs HAVE_LIBNSS

Paul Wouters paul at xelerance.com
Wed Jan 6 13:18:37 EST 2010


On Tue, 5 Jan 2010, Avesh Agarwal wrote:

>> Alternatively, we could run the md5 on the version in our release script,
>> and generate a custom header of field with the md5 sum, so that the code
>> does not have to run an md5() call, but honestly, I find that really a silly
>> obfuscation that should not be needed.
>> 
> I also feel that is a bad way of implementation.

It seems it is the best solution though. Note that apart from our own
vendorid, we also calculate incoming vendorids using md5 calls in
vendor.c.

What would need to happen to phase out md5 is:

- Create a vendorid string for Openswan, perhaps one that does not get md5'ed
- Create a static table of md5'ed older openswan version strings
- Convert the code in vendor.c/vendor.h to use static precomputed
   tables of vendorid and md5(vendorid)

Though to complete this does take some effort, and I do not see us
doing that for openswan 2.6.24.

Paul
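
The release-script idea and the static table of md5'ed version strings discussed above, as an added example that is not part of the original message or of Openswan's source: a Python generator that writes a C header of precomputed digests, so the daemon does not call md5() for them at run time. The version strings, the struct name `vid_md5_entry` and the table name `vid_md5_table` are assumptions for illustration.

```python
import hashlib

# Constructed sample inputs: the exact strings Openswan hashes for its
# vendor ID are not given in the thread, so these are placeholders.
OLD_VERSION_STRINGS = [
    "Openswan 2.6.22",
    "Openswan 2.6.23",
]


def c_bytes(digest: bytes) -> str:
    """Format a digest as a C initializer list, 8 bytes per line."""
    rows = [digest[i:i + 8] for i in range(0, len(digest), 8)]
    return ",\n      ".join(", ".join(f"0x{b:02x}" for b in row) for row in rows)


def c_string(text: str) -> str:
    """Escape a version string for use inside a C string literal."""
    return text.replace("\\", "\\\\").replace('"', '\\"')


def render_header(versions, guard="VENDORID_TABLE_H"):
    """Return the text of a C header holding md5(version) for each string."""
    seen, entries = set(), []
    for version in versions:
        if version in seen:  # a duplicate row usually means a typo in the list
            raise ValueError(f"duplicate version string: {version!r}")
        seen.add(version)
        # Non-ASCII input raises here instead of producing an ambiguous digest.
        digest = hashlib.md5(version.encode("ascii")).digest()
        entries.append(f'    {{ "{c_string(version)}",\n    {{ {c_bytes(digest)} }} }},')
    body = "\n".join(entries)
    return (
        "/* Generated at release time; do not edit. */\n"
        f"#ifndef {guard}\n#define {guard}\n\n"
        "struct vid_md5_entry {\n"
        "    const char *descr;       /* string that was hashed */\n"
        "    unsigned char md5[16];   /* precomputed md5(descr) */\n"
        "};\n\n"
        "static const struct vid_md5_entry vid_md5_table[] = {\n"
        f"{body}\n"
        "};\n\n"
        f"#endif /* {guard} */\n"
    )


if __name__ == "__main__":
    print(render_header(OLD_VERSION_STRINGS))
```

Matching an incoming vendor ID then becomes a length check plus `memcmp` against each table row, with the md5 computation confined to the release machine.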

