[DISCUSSION] Re: openssl - optional or mandatory?

[Jens Geyer <je...@hotmail.com>]

Hi Jim,

that discussion should not be a private conversation between the two of us, so I move it to the mailing list.

> THRIFT-4104: is openssl supposed to be optional or mandatory?
> The autoconf scripts don't seem to make provisions for conditional
> builds on openssl, as TSSLSocket.cpp is included as part of the
> standard transport list. While we make nonblocking and zlib stuff
> optional by building different libraries, I don't see the same
> behavior for openssl being optional.

I used to have a machine set up here with all kinds of target languages installed to just be able to run tests against any language whenever I need it. Unfortunately it is only a 32-bit machine, which is more or less out of date now, since Suse essentially dropped 32 bit support. Currently I just don’t have the time to replicate that for x64, because that means to reinstall everything from scratch, and that turned out to be a lot of work, so I only have some of them up and running now.

I never had nor don’t I have now openssl headers installed and still was always able to build next to everything, except of course SSL-related stuff. The autoconf files come equipped with tests for SSL headers, and that used to work fine. Until that c-glib patch came.

Sure, my setup may or may not be considered typical or atypical. But I would assume, that since Thrift is used internally only by a number of projects w/o exposing any Thrift API to the outer world, they may have not much of a need for SSL either. Demanding a lot of dependencies is always a PITA, with every tool, software or framework, especially when you are not going to use that feature at all.

The policy with Thrift in the past (or at least my understanding of it) was always to minimize hard dependencies as much as possible. And that was a good thing, because with 20+ target languages that reduces quite a bit of complexity. I don’t see anything special in SSL/TLS  so in my opinion it falls into the same category.

TL;DR:

  *   I personaly would still vote for SSL/TLS being optional, not mandatory.
  *   And I don’t see anything special in c-glib that prevents us from configuring it accordingly.


Have fun,
JensG


PS: Some people would add and argue that even C++ boost should better be optional. Given my experiences with it, I tend to agree.





From: Jim King
Sent: Saturday, March 11, 2017 3:33 PM
To: jensg@apache.org
Subject: openssl - optional or mandatory?

THRIFT-4104: is openssl supposed to be optional or mandatory? The autoconf scripts don't seem to make provisions for conditional builds on openssl, as TSSLSocket.cpp is included as part of the standard transport list. While we make nonblocking and zlib stuff optional by building different libraries, I don't see the same behavior for openssl being optional.