use libcrypt before libcrypto

Jim Knoble jmknoble at pobox.com
Wed Jun 26 02:15:40 EST 2002


[Copied to openssl-users at openssl.org]

Circa 2002-Jun-25 11:31:04 +0900 dixit itojun at iijlab.net:

: >> +# use libcrypt if there is
: >> +AC_CHECK_LIB(crypt, crypt, LIBS="$LIBS -lcrypt")
: >> +
: >AC_CHECK_LIB(crypt, crypt) will automatically add -lcrypt to $LIBS. It
: >will also define HAVE_LIBCRYPT (is this what you're trying to avoid)?
: >Anyway, I'd prefer:
: >  AC_CHECK_FUNCS(crypt, , AC_CHECK_LIB(crypt, crypt))
: >This way we check if crypt is resolvable using the existing $LIBS and,
: >if not, use $LIBS+-lcrypt.
: 
: 	either way is fine for me, as long as crypt() supplied by the
: 	native system is preferred than openssl crypt().  thanks.
: 
: itojun

Isn't this really a problem for OpenSSL?  I know that several vendors
(notably Linux ones...) already patch OpenSSL to remove crypt() from
OpenSSL's libcrypto, so that crypt() is only available via the system
libcrypt.  Even the stock OpenSSL-0.9.6d sources omit crypt() under
FreeBSD, NeXT, and Darwin.

I really think that OpenSSL should not contain crypt() at all.  For
situations where the system crypt() is so broken as to prefer OpenSSL's
implementation, the symbol should be openssl_crypt(), or something
similarly named, and it's up to the calling application to #define it
as crypt() or not.

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 262 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020625/0b4bf641/attachment.bin 


More information about the openssh-unix-dev mailing list