Author ned.deily
Recipients benjamin.peterson, brian.curtin, christian.heimes, dilettant, dstufft, esc24, georg.brandl, larry, loewis, merwok, mlen, ned.deily, orsenthil, pitrou, ronaldoussoren
Date 2014-02-28.08:28:01
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1393576081.81.0.155516442205.issue17128@psf.upfronthosting.co.za>
In-reply-to
Content
Crys, as Ronald noted above: "Now that I look at that code again: we can't extract that code and use it to patch upstream OpenSSL, the TrustEvaluationAgent framework is a private framework and hence off limits."  It doesn't seem like a good idea to be trying to base security on a private, undocumented framework and one that can change from OS X release to OS X release: our binary installers for OS X are designed to support multiple OS X versions.  I think the certsync approach is safer and more robust.  The other approach would be to directly use Apple's crypto APIs rather than OpenSSL but that would be a lot of work and a lot of testing and would also be more coupled to specific OS X releases.
History
Date User Action Args
2014-02-28 08:28:01 ned.deily set recipients: + ned.deily, loewis, georg.brandl, ronaldoussoren, orsenthil, pitrou, larry, christian.heimes, benjamin.peterson, merwok, brian.curtin, esc24, dilettant, dstufft, mlen
2014-02-28 08:28:01 ned.deily set messageid: <1393576081.81.0.155516442205.issue17128@psf.upfronthosting.co.za>
2014-02-28 08:28:01 ned.deily link issue17128 messages
2014-02-28 08:28:01 ned.deily create