On 8 August 2017 at 18:35, Alexander Kanavin <alexander.kanavin@linux.intel.com> wrote:

On 08/08/2017 06:58 PM, Mark Hatle wrote:

Can we somehow make openssl(10) or nettle a choice when compiling?

I ask because I've worked on a few systems where people seem to want one
encryption engine for as much of the system as possible (usually openssl).
While gstreamer has not been a problem in such systems, I could see it being
something that would need to be considered.

This would need to be done across all recipes where such choice is supported, as a 'preferred crypto engine' distro feature. There's been talk of doing this, but I don't remember what was the outcome.

There was a bug for this but I literally closed it earlier today on the grounds that it would mean patching every user of a crypto library to add an abstraction and alternative codepaths. If you don't patch every instance then there is no point in a global option.

We can have packageconfigs, and expose the choice if the upstream does, but I think the only sane option is to leave it to the user to set the options. It's trivial enough to blacklist openssl if you never want to use it.

Ross