Replies: 2 comments
-
|
In the core of the OpenSCAP we use crypto libraries only for checksum calculations. And while this functionality is somewhat abstracted (there is an option to choose between GCrypt and NSS) the code is not quite good, and there was never an attempt to include OpenSSL as an option for checksum calculation. The scope is quite limited, though, so it might be not too complex task after all. It'd make sense to have it since we also depend on OpenSSL via xmlsec1 library, but we don't have any plans to do that at this moment. We will definitely accept a patch doing that (with an appropriate set of tests). |
Beta Was this translation helpful? Give feedback.
-
|
This is a good place to start looking at the problem: https://github.com/OpenSCAP/openscap/tree/main/src/OVAL/probes/crapi |
Beta Was this translation helpful? Give feedback.
-
Dear OpenSCAP Maintainers,
I am reaching out to inquire whether OpenSCAP can be built using OpenSSL instead of Gcrypt and NSS. In our environment, we rely heavily on OpenSSL and having OpenSCAP use the same library would help reducing dependencies.
Is there any ongoing effort to integrate OpenSSL as an alternative to Gcrypt and NSS? If not, would such a change be feasible, and are there any major technical obstacles to consider?
I appreciate your insights and guidance on this matter. Looking forward to your response.
Best regards,
Marc
Beta Was this translation helpful? Give feedback.
All reactions