[syslog-ng] [new shared lib] libsyslog-ng-crypto.so

Balazs Scheidler bazsi at balabit.hu
Tue May 3 22:04:21 CEST 2011


Hi,

I just wanted to give a heads-up to people doing development on
syslog-ng code that I've introduced libsyslog-ng-crypto.so in the core,
which is to contain core code that depends on libssl.

You probably know that one of the driving factors for modularizing
syslog-ng was to make the core of syslog-ng independent of OpenSSL,
since that is not available during early boot on a number of systems.

Anyhow, there's a lot of code that should be shared between plugins,
but would depend on OpenSSL.

To resolve this problem, I've now created libsyslog-ng-crypto.so,
installed into $prefix/lib/syslog-ng (i.e. a private lib, which lives in
the same place as the plugins), which is now responsible for:

  - seeding the random number generator
  - TLS transport code (tlstransport.c, earlier in the afsocket module)
  - TLS context code (tlscontext.c, -"-)

I guess some others may follow. Plugins that would use OpenSSL should
_always_ link against libsyslog-ng-crypto.so, as the random number
generator is seeded when this library is loaded. (Of course, not all
platforms need explicit PRNG seeding, but some do.)

Now as I'm reviewing the patch again, it is quite dirty, contains some
unrelated changes, so don't take it as an example, but now a lot of
others have accumulated on top of it, so I don't want to rebase and
change the history.

This is the patch I'm talking about:

Author: Balazs Scheidler <bazsi at balabit.hu>  2011-04-30 20:17:44
Committer: Balazs Scheidler <bazsi at balabit.hu>  2011-04-30 20:17:44
Parent: adff96aa401c8ef398a617c14daf7dc45f85cab7 (logreader: fixed parsing flags containing dashes or underscores)
Child:  2b65655028da7cc216aa747d0bb206fe28b93955 (logwriter: initialize the queue_filled event earlier)
Branches: master, remotes/origin/master
Follows: v3.3.0alpha2
Precedes: 

    libsyslog-ng-crypto.so: This patch introduces a new shared object where openssl dependent core goes
    
    The TLS code is sufficiently independent from the afsocket plugin, however
    currently they go in the afsocket module directory. This patch introduces
    a new shared object called libsyslog-ng-crypto.so, which contains TLS code,
    random number initialization and basically everything that would introduce
    an openssl dependency.
    
    
    Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>


-- 
Bazsi
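
One way to check the linking rule above across an installed plugin directory, as an added example (not code from syslog-ng or from this post): it reads `readelf -d` output and flags any object that lists libssl or libcrypto as NEEDED without also listing libsyslog-ng-crypto.so. The function names are hypothetical, and counting libcrypto as an OpenSSL dependency is an assumption.

```shell
#!/bin/sh
# Added example (not syslog-ng code). Function names are hypothetical.
CRYPTO_LIB='libsyslog-ng-crypto.so'

# Read `readelf -d` output on stdin; print one NEEDED soname per line.
needed_libs() {
    sed -n 's/.*(NEEDED).*\[\([^]]*\)].*/\1/p'
}

# check_needed NAME: `readelf -d` output for object NAME on stdin.
# Returns 1 if NAME links OpenSSL directly without also linking
# libsyslog-ng-crypto.so (so PRNG seeding at load is not guaranteed).
check_needed() {
    name=$1
    libs=$(needed_libs)
    # The crypto library itself is expected to link OpenSSL on its own.
    case $name in
        "$CRYPTO_LIB"*) return 0 ;;
    esac
    uses_openssl=no
    has_crypto=no
    for lib in $libs; do
        case $lib in
            # Assumption: libcrypto counts as an OpenSSL dependency too.
            libssl.so*|libcrypto.so*) uses_openssl=yes ;;
            "$CRYPTO_LIB"*) has_crypto=yes ;;
        esac
    done
    if [ "$uses_openssl" = yes ] && [ "$has_crypto" = no ]; then
        echo "VIOLATION: $name links OpenSSL but not $CRYPTO_LIB" >&2
        return 1
    fi
    return 0
}

# audit_plugin_dir DIR: check every *.so in DIR, e.g. $prefix/lib/syslog-ng.
audit_plugin_dir() {
    dir=$1
    status=0
    for so in "$dir"/*.so; do
        [ -e "$so" ] || continue
        readelf -d "$so" | check_needed "$(basename "$so")" || status=1
    done
    return "$status"
}

# Run the audit only when a directory is given on the command line.
[ "$#" -eq 0 ] || audit_plugin_dir "$1"
```

Run it with the plugin directory as its only argument; a non-zero exit status means at least one object violates the rule.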



