[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Future of KSSL
From: George Staikos <staikos () kde ! org>
Date: 2006-11-15 20:23:04
Message-ID: 831C1915-BFA1-4AE3-948A-34D608437219 () kde ! org
[Download RAW message or body]
Hi Brad,
I want to start out by saying that QCA looks really cool and I
do hope to be able to use it in some of my projects in the future.
However I'm really struggling to figure out what the goal is here. I
keep hearing people say they want to rewrite KSSL. What is KSSL?
- SSL integration for KDE's I/O system
- A wrapper around a very heavy library to delay loading of it:
Performance optimization
- A centralization of policy decisions
I will also add:
- It is very hacky
- Was implemented as a result of compounding needs as opposed to a
clean initial design
However:
- The library is primarily an internal tool
- It generally works fairly well
- It has gone through very many bug fixes, especially for site
compatibility problems
In light of this, what is the goal of rewriting it? I argue that
solving the hacky implementation problem is not worth the risk of
breaking anything else. We don't have any sort of lack of progress
because of this. I also argue that it won't solve any problems with
apps not using KSSL. Apps circumventing KSSL are only due to two
things: 1) a desire to circumvent policy decisions 2) missing
features. 1 can't be solved and I think it should actually be a
criteria for ejecting applications from KDE distribution. 2 is
easily solved and doesn't require any rewriting.
I said in the past that I'm not opposed to a QCA backend for KSSL
and I would even be interested in seeing it. I know it's not easy to
do that. It's probably downright ugly, which made me wonder why one
would even bother.
Instead of concentrating on a bottom-up approach of replacing a
crypto library for something that is primarily a policy
implementation, I would rather see the opposite. Take a problem such
as unimplemented ability to use SSL from sockets. Make a socket SSL
implementation that shares all policy decisions with KSSL.(I)
Therefore factor some of KSSL out into a separate library. Provide
the UI (widgets) and other tools that all apps need to share. Then
the logic will remain the same but in a better form and only then
will the backend be a simple replacement exercise - if someone even
cares. Also at this point we would need a very strong regression suite.
I: It might be nice to make KIO more useful for non-slave-based apps
too. That might be the real answer we're seeking.
On 12-Nov-06, at 5:51 AM, Brad Hards wrote:
> George,
>
> I've started looking at the port of KSSL to QCA. I was going to put
> this off
> till either you or Thiago had a chance to do it, but I'm a bit
> worried that
> QCA might be missing some things that are needed for KDE, and I'd
> rather find
> those things out sooner rather than later.
>
> As I see it, there are two distinct ways the port could go:
> 1. Remove kopenssl.h, and substitute QCA.
> 2. A more extensive rework of KSSL and its users, such that
> applications
> mostly use QCA directly.
>
> I had originally assumed that the first would be much easier,
> however a bit
> more investigation showed that maybe this is not the case. In
> particular,
> there is a fair amount of OpenSSL dependency throughout KSSL
>
> As it currently exists in trunk, KDE/kdelibs/kio/kssl has the
> following header
> files:
>
> kopenssl.h - declares one class - KOpenSSLProxy, which does the
> interface shim
> to OpenSSL.
>
> ksslcertificatecache.h - declares one class KSSLCertificateCache.
> This is used
> in konversation, crypto KCM, TcpSlaveBase in KIO, within KSSL, in
> KSSLD, and
> within the groupwise resource in kdepim. This class has no direct QCA
> equivalent.
>
> ksslconnectioninfo.h - declares one class - KSSLConnectionInfo.
> Used in KSSL.
>
> ksslinfodlg.h - declares two classes - KSSLCertBox and KSSLInfoDlg,
> both of
> which are dialogs that show information about certificates and SSL.
> Used in
> the crypto KCM and the X.509 certificate KPart. This class has no
> direct QCA
> equivalent, and probably can't since it would require at least QtGui.
>
> ksslpkcs12.h - declares one class - KSSLPKCS12, which represents a
> PKCS#12
> cert/key pair. Appears to be a work in progress (for example,
> exposes the
> private key as a EVP_PKEY*, which is OpenSSL specific). Used in a
> few places
> in KSSL, plus KSSLD, the X.509 certificate KPart, the TcpSlaveBase
> in KIO,
> and the crypto KCM. The QCA equivalent is KeyBundle.
>
> ksslsigners.h - declares one class KSSLSigners, which manipulates
> KSSLD over
> dcop. Used by the X.509 certificate KPart and the crypto KCM. Part
> of the
> functionality (checking for the allowable purpose of an X.509
> certificate) is
> built into QCA Certificate validity checking. The database
> manipulation
> functionality would be abstracted to operations on a QCA::KeyStore
> with a KDE
> specific provider.
>
> ksslall.h - this is just a convenience header, which brings in most
> of the
> other headers - those that basically make up the public API (not
> kopenssl.h,
> ksslcsessioncache.h, ksslkeygen.h, kssldefs.h, ksslcertdlg.h,
> ksslpemcallback.h or ksmimecrypto.h)
>
> ksslcertificatefactory.h - declares one class -
> KSSLCertificateFacoty, which
> just has one static member (generateSelfSigned()). Doesn't appear
> to do
> anything.
>
> ksslcsessioncache.h - declares one class KSSLCSessionCache, which
> is a couple
> of static members that allow access to a session cache. Appears to
> only be
> used by SimpleJob in KIO. This class has no QCA equivalent.
>
> ksslkeygen.h - declares one class - KSSLKeyGen, which is
> essentially a key
> generation wizard (currently using Q3Wizard, there is a warning
> about porting
> to new KWizard). Only used by HTMLKeygenElementImpl in KHTML. The
> generateCSR() method and slotGenerate() slot are only used
> internally by
> KSSLKeyGen. This class has no direct QCA equivalent, and probably
> can't since
> it would require at least QtGui.
>
> ksslpkcs7.h - declares one class - KSSLPKCS7, which is an
> abstraction for
> PKCS#7, mostly just static methods. Used in KFtpGrabber (in
> extragear), the
> crypto KCM, within KSSL, and the X.509 certificate KPart.
> The QCA::Certificate and QCA::CertificateCollection classes have
> essentially
> equivalent functionality.
>
> ksslutils.h - declares three functions which are only used with
> KSSL. QCA does
> something similar, but it is all hidden in the OpenSSL provider.
>
> ksslcertchain.h - declares one class - KSSLCertChain, representing
> a chain of
> X.509 certificates. Used within KSSL, and for the Java applet
> server in
> KHTML. The QCA equivalent is CertificateChain.
>
> ksslcertificate.h - declares one class - KSSLCertificate, which is
> a X.509
> certificate. Used in Konversation, KHTML, TcpSlaveBase and Observer
> in KIO,
> the crypto KCM, and the X.509 Certificate KPart, KSSLD, the groupwise
> resource for kdepim, the UIServer for KIO, plus within KSSL. I'm a bit
> worried about the Observer class, since it says "# warning FIXME
> This will
> never work" just near it, but doesn't explain why. The QCA
> equivalent is
> Certificate.
>
> kssldefs.h - defines four macros, used for openssl version
> incompatibility.
>
> ksslpeerinfo.h - declares one class - KSSLPeerInfo. Used in a few
> places
> (Konversation, TcpSlaveBase in KIO, groupwise resource in kdepim,
> inside
> KSSL), but almost exclusively from KSSL. QCA can do something
> similar, but it
> is just a CertificateChain object - the same kind of object for the
> local
> chain andthe peer chain.
>
> ksslsession.h - declares one class - KSSLSession, which is some
> kind of
> persistant storage for an SSL session (based on the session ID.
> Appears to
> only be used for the TcpSlaveBase in KIO, and internally within
> KSSL. QCA
> doesn't expose session re-use (may or may not be implemented by the
> provider)
> - if you want to reuse the session, you just reuse the QCA::TLS
> object [Under
> review, because this might mean you cannot do simultaneous requests].
>
> ksslx509map.h - declares one class - KSSLX509Map, which is a QMap
> of the
> various elements with in the subject or issuer for a certificate.
> Used in
> Konversation, the crypto KCM, the X.509 Certificate KPart, KSSLD,
> and a
> couple of places within KSSL. Very similar to the CertificateInfo
> class
> within QCA, except that CertificateInfo uses an enum for the key,
> and there
> can be multiple values per key (QMultiMap).
>
> ksslcertdlg.h - delcares one class - KSSLCertDlg, which is a dialog
> to display
> X.509 certificates. Only used by the KIO UIServer. This class has
> no QCA
> equivalent, and probably can't since it would require at least QtGui.
>
> ksslcertificatehome.h - declares one class - KSSLCertificateHome,
> which
> basically a bunch of static methods. Used by KSSLD, TcpSlaveBase in
> KIO, and
> the crypto KCM. Some of the methods aren't used
> (getCertificateByHost(),
> getDefaultCertificate(). This class has no equivalent in QCA.
>
> kssl.h - declares one public class - KSSL. Used by the groupwise
> resource in
> kdepim, the java appletserver in khtml, TcpSlaveBase in KIO. Basically
> equivalent to QCA::TLS.
>
> ksslpemcallback.h - declares one class - KSSLPemCallback which is
> essentially
> just a structure. Only used in the X.509 certificate KPart. No direct
> equivalent in QCA, although you can implement something similar using
> EventHandler.
>
> ksslsettings.h - declares one class - KSSLSettings. Used in the
> KHTML part,
> TCPSlaveBase in KIO (almost identical code) and within KSSL. No
> direct QCA
> equivalent.
>
> ksslx509v3.h - declares one class - KSSLX509V3, which represents
> the V3 flags
> on a certificate. Only used within KSSL. The QCA equivalent is
> built into the
> Certificate class (although not identical functionality).
>
> ksmimecrypto.h - declares one class - KSMIMECrypto - a SMIME
> signing/verifying/encrypting/decrypting interface. Doesn't seem to
> be used
> anywhere in KDE. Equivalent capability provided by QCA::CMS.
>
>
> Out of all that, I conclude that there are only a few
> applications / classes
> that use KSSL.
> KIO::TcpSlaveBase, TCP::Observer, TCP::SimpleJob
> KSSLD
> the crypto KCM
> the X.509 certificate KPart.
> Konversation
> KHTML
> groupwise resource
> KFtpGrabber
> (there was one more - the certificate metadata plugin in kdeaddons,
> but I've
> already ported it to use QCA directly).
>
> I looked at how much of KSSL might be able to be removed. Out of
> the users, it
> should be pretty easy to port the certificate KPart to use just
> QCA. It might
> stand a useability review as well.
>
> Konversation should probably be ported to use the KIO framework. It
> appears to
> use code that was originally borrowed from kopete, which is no
> longer using
> it. Similar for the groupwise resource.
>
> The functionality that is really only supporting the KHTML java
> applet server
> could be pushed into KHTML.
>
> KFtpGrabber looks to be using part of KSSL, part of openssl
> directly, and part
> of its own code. I don't get it.
>
> After that, we have the main KIO Job classes, KSSLD, and the crypto
> KCM. In
> addition to what QCA currently offers, there is a bit of
> configuration/setup
> that would end up interfacing to QCA as a KeyStore plugin. It might
> require
> some work to port, but it still might be easier than the port to
> KOpenSSL.
>
> There are those KDialog subclasses that provide display. They could
> be left in
> a modified libkio or moved to kdeui (which would then depend on
> libqca).
>
> After some or all of that, there will be some (more) dead code that
> can just
> be removed.
>
> So much for where I'm seeing it from. How do you see it?
>
> Brad
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
[Attachment #3 (unknown)]
<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: \
after-white-space; ">Hi Brad,<DIV><BR class="khtml-block-placeholder"></DIV><DIV> I want to \
start out by saying that QCA looks really cool and I do hope to be able to use it in some of my \
projects in the future. However I'm really struggling to figure out what the goal is here. I \
keep hearing people say they want to rewrite KSSL. What is KSSL?</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV>- SSL integration for KDE's I/O system</DIV><DIV>- A \
wrapper around a very heavy library to delay loading of it: Performance \
optimization</DIV><DIV>- A centralization of policy decisions</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV>I will also add:</DIV><DIV>- It is very \
hacky</DIV><DIV>- Was implemented as a result of compounding needs as opposed to a clean \
initial design</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>However:</DIV><DIV>- \
The library is primarily an internal tool</DIV><DIV>- It generally works fairly \
well</DIV><DIV>- It has gone through very many bug fixes, especially for site compatibility \
problems</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV> In light of this, what is the goal of rewriting \
it? I argue that solving the hacky implementation problem is not worth the risk of breaking \
anything else. We don't have any sort of lack of progress because of this. I also argue that \
it won't solve any problems with apps not using KSSL. Apps circumventing KSSL are only due to \
two things: 1) a desire to circumvent policy decisions 2) missing features. 1 can't be solved \
and I think it should actually be a criteria for ejecting applications from KDE distribution. \
2 is easily solved and doesn't require any rewriting.</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV> I said in the past that I'm not opposed to a QCA \
backend for KSSL and I would even be interested in seeing it. I know it's not easy to do that. \
It's probably downright ugly, which made me wonder why one would even bother.</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV> Instead of concentrating on a bottom-up approach \
of replacing a crypto library for something that is primarily a policy implementation, I would \
rather see the opposite. Take a problem such as unimplemented ability to use SSL from sockets. \
Make a socket SSL implementation that shares all policy decisions with KSSL.(I) Therefore \
factor some of KSSL out into a separate library. Provide the UI (widgets) and other tools that \
all apps need to share. Then the logic will remain the same but in a better form and only then \
will the backend be a simple replacement exercise - if someone even cares. Also at this point \
we would need a very strong regression suite.</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV>I: It might be nice to make KIO more useful for \
non-slave-based apps too. That might be the real answer we're seeking.</DIV><DIV><BR \
class="khtml-block-placeholder"></DIV><DIV><DIV><DIV>On 12-Nov-06, at 5:51 AM, Brad Hards \
wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">George,</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">I've started looking at the port of KSSL to QCA. I was \
going to put this off<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">till either you or Thiago had a \
chance to do it, but I'm a bit worried that<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">QCA might be missing some things that are needed for KDE, and I'd rather find<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">those things out sooner rather than later.</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: \
14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">As I see it, there are two distinct ways the port could go:</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">1. Remove \
kopenssl.h, and substitute QCA.</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">2. A more extensive rework of KSSL and its users, such \
that applications<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">mostly use QCA directly.</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: \
14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">I had originally assumed that the first would be much easier, however a \
bit<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; ">more investigation showed that maybe this is not \
the case. In particular,<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">there is a \
fair amount of OpenSSL dependency throughout KSSL</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">As it \
currently exists in trunk, KDE/kdelibs/kio/kssl has the following header<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">files:</DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">kopenssl.h - \
declares one class - KOpenSSLProxy, which does the interface shim<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">to OpenSSL.</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">ksslcertificatecache.h - declares one class KSSLCertificateCache. This is used<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">in konversation, crypto KCM, TcpSlaveBase in KIO, \
within KSSL, in KSSLD, and<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">within the \
groupwise resource in kdepim. This class has no direct QCA<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">equivalent.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">ksslconnectioninfo.h - declares one class - \
KSSLConnectionInfo. Used in KSSL.</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">ksslinfodlg.h - declares two \
classes - KSSLCertBox and KSSLInfoDlg, both of<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">which are dialogs that show information about certificates and SSL. Used in<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">the crypto KCM and the X.509 certificate KPart. This \
class has no direct QCA<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">equivalent, \
and probably can't since it would require at least QtGui.</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">ksslpkcs12.h \
- declares one class - KSSLPKCS12, which represents a PKCS#12<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">cert/key pair. Appears to be a work in progress (for \
example, exposes the<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">private key as a EVP_PKEY*, \
which is OpenSSL specific). Used in a few places<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">in KSSL, plus KSSLD, the X.509 certificate KPart, the TcpSlaveBase in KIO,<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">and the crypto KCM. The QCA equivalent is \
KeyBundle.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">ksslsigners.h - declares one class KSSLSigners, which \
manipulates KSSLD over<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">dcop. Used by the X.509 \
certificate KPart and the crypto KCM. Part of the<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">functionality (checking for the allowable purpose of an X.509 certificate) is<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">built into QCA Certificate validity checking. The \
database manipulation<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">functionality would be \
abstracted to operations on a QCA::KeyStore with a KDE<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">specific provider.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: \
0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; ">ksslall.h - this is just a convenience header, \
which brings in most of the<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">other \
headers - those that basically make up the public API (not kopenssl.h,<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">ksslcsessioncache.h, ksslkeygen.h, kssldefs.h, \
ksslcertdlg.h,<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">ksslpemcallback.h or \
ksmimecrypto.h)<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">ksslcertificatefactory.h - declares one class - KSSLCertificateFacoty, which<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">just has one static member (generateSelfSigned()). \
Doesn't appear to do<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">anything.</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: \
14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">ksslcsessioncache.h - declares one class KSSLCSessionCache, which is a \
couple<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">of static members that allow access \
to a session cache. Appears to only be<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">used by \
SimpleJob in KIO. This class has no QCA equivalent.</DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">ksslkeygen.h \
- declares one class - KSSLKeyGen, which is essentially a key<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">generation wizard (currently using Q3Wizard, there is a \
warning about porting<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">to new KWizard). Only used by \
HTMLKeygenElementImpl in KHTML. The<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; \
">generateCSR() method and slotGenerate()<SPAN class="Apple-converted-space"> </SPAN>slot are \
only used internally by<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">KSSLKeyGen. \
This class has no direct QCA equivalent, and probably can't since<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">it would require at least QtGui.</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: \
14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">ksslpkcs7.h - declares one class - KSSLPKCS7, which is an abstraction \
for<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; ">PKCS#7, mostly just static methods. Used in \
KFtpGrabber (in extragear), the<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">crypto KCM, \
within KSSL, and the X.509 certificate KPart.</DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; ">The QCA::Certificate and \
QCA::CertificateCollection classes have essentially<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">equivalent functionality.</DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">ksslutils.h - declares three \
functions which are only used with KSSL. QCA does<SPAN class="Apple-converted-space"> \
</SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: \
0px; ">something similar, but it is all hidden in the OpenSSL provider.</DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; min-height: \
14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; ">ksslcertchain.h - declares one class - KSSLCertChain, representing a chain \
of<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: \
0px; margin-bottom: 0px; margin-left: 0px; ">X.509 certificates. Used within KSSL, and for the \
Java applet server in<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: \
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">KHTML. The QCA equivalent is \
CertificateChain.</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; \
margin-left: 0px; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">ksslcertificate.h - declares one class - \
KSSLCertificate, which is a X.509<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">certificate. \
Used in Konversation, KHTML, TcpSlaveBase and Observer in KIO, <SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">the crypto KCM, and the X.509 Certificate KPart, KSSLD, \
the groupwise<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; \
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">resource for kdepim, the UIServer \
for KIO, plus within KSSL. I'm a bit<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV \
style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">worried \
about the Observer class, since it says "# warning FIXME This will<SPAN \
class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; \
margin-bottom: 0px; margin-left: 0px; ">never work" just near it, but doesn't explain why. The \
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic