On Sun, Oct 04, 2009 at 03:15:26PM +0200, Holger Freyther wrote:
On Sunday 04 October 2009 13:51:29 Harald Welte
wrote:
one further note on the missing md5 file:
As it seems it is only used to generate a pseudo-random 32bit value
for use in the SSRC: I'd rather not introduce a copy of MD5 for that.
There are two options to take:
1) simply use the same [not very random] method as we use for the TMSI
2) introduce a dependency to openssl and use that. Given that nanoBTS
also support OML/RSL over SSL/TLS, I think sooner or later we will
have to add that dependency anyway.
Are you sure you want to introduce code that is using SSL?
sure, SSL is a pretty standard thing.
This would mean we have to check if someone from the
US sends us a SSL patch
and reject it based on the region.
I think you're living in the past if you think that US crypto export
regualtions are still in place... or am I missing something?
The other issue with OpenSSL is that the license is
considered
to not be GPL compatible and that the GNUtls replacement is not there yet....
gnutls is not there in what sense? Sure, it tends to behave different than one
expected and it appearst to have interesting bugs here and there, but when it
comes to the core/key functionality of simply handling a single TLS/SSL stream,
I don't think there will be much of a problem with it. Debian is using +
shipping it as the standard library for SSL/TLS for quite some time now, and
I'm using it heavily on many systems...
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)