-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make the OpenSSL dependency optional #6
Comments
Sorry for the late reply, it is possible to link statically with OpenSSL, that's what we do for xeus-python-wheel. However, if you want or need the ability to link with another crypto library, I have nothing against adding it as an optional dependency in the CMakeLists.txt that would disable the dependency on OpenSSL. The part of the code related to authentication is already flexible enough to accept another implementation (see xeus-zmq/src/xauthentication.cpp Line 43 in 51d1c3d
openssl_authentication is a private implementation of the xauthentication interface).
|
Alright, I'll try to find some time to implement |
I would like to get back to this issue. I found a few standalone |
I am not aware of other schemes that would be used at the protocol level. Your implementation could throw an exception when another scheme is used, that would help to detect them. Besides, I don't think we want to embed cryptographic files directly in xeus-zmq, because that means that we would have to maintain them, and we are definitely not cryptographic experts. Depending on a well-known, rocket-tested library like mbedtls is a better alternative. Also the packages for osx-arm64 have been added on conda-forge, I think they should work on the M1 now. |
It looks like OpenSSL is only used for HMAC. mbedtls is a great alternative that's actually easy to build. According to this issue there is support for constant-time HMAC comparisons as well.
It would be ideal if you could do something like:
cmake -B build -DXEUS_ZMQ_USE_MBEDTLS=ON
.Right now I'm using CMake as a package manager like this (the
mamba
packages are not working whatsoever on the M1):As you can see this requires me to pass
OPENSSL_ROOT_DIR
around (and I can forget about statically linking everything). With mbedtls I would only have to add the following in front ofxeus-zmq
and everything would work as a fully self-contained environment:Likely I'll do the work anyway, but let me know your thoughts on how to best approach this.
The text was updated successfully, but these errors were encountered: