Thread (2 messages) 2 messages, 2 authors, 2016-06-15

Re: Combining APPLE_COMMON_CRYPTO=1 and NO_OPENSSL=1 produces unexpected result

From: Junio C Hamano <hidden>
Date: 2016-06-15 23:07:46

David Aguilar [off-list ref] writes:
I think the best long-term solution would be to abandon the
CommonCrypto backend, if possible.  There's not a strong reason
for its existence.  It always seemed kinda hacky, and bolted-on.
...
quoted
A few questions we should be asking Apple users are:

 - Is there a strong-enough reason why those who do not want to use
   SSL should be able to choose the SHA-1 implementation available
   from CommonCrypto over block-sha1?
IMO, no.
quoted
 - Is CommonCrypto SHA-1 a better implementation than block-sha1?
I do not believe this to be true.

My gut feeling is that we cannot rely on the long-term stability
and availability of Apple's APIs.  Block-sha1 works fine on
the current Apple hardware and I suspect that it (or openssl)
will continue to work fine in the future.
...
quoted
If people do not care, we can leave things as they are.  It would
seem mysterious to use block-sha1 when we are not using CommonCrypto
for SSL (i.e. NO_OPENSSL), and otherwise CommonCrypto SHA-1, and
would invite a puzzlement we saw in this thread, though.
I'm curious to see what others think about dropping CommonCrypto.
It seems like a good choice from a maintenance POV.
Judging by a week-long silence, it seems nobody seems to have much
to say on this issue.  Let me summon the git_osx_installer
maintainer to hear from somebody who know a lot better than me about
things around OS X.

Thanks.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help