[xmlsec] Big patch to xmlsec in recent OpenOffice.org sources

Aleksey Sanin aleksey at aleksey.com
Sun Mar 6 22:31:58 PST 2005


>>>> 10) src/nss/tokens.c
Thanks for long explanations! I think I understand your point but
I am just not sure that the way it is done right now is generic
enough :) For example, it is still one and only one "best slot"
for a given algorithm for the whole application. I can see a
situation when one would need to do encryption on *different* slots
(for example, for performance reasons different threads run crypto
operation on different slots).

Anyway, I have another proposal. How about replacing NSS GetBestSlot()
function with xmlSecNss one. By default, xmlsec will simply call
NSS version but application would be able to replace this callback
with anything it wants. In your case, you'll have some custom function
that would use the tokens list you have right now. In the case
I described above, it might be a simple function that provides a static
mapping between threads and slots.

On your side, the only change would be to move the tokens list code
out of xmlsec to the application layer (and may be you can rewrite it
using better data structures like map or hash than a plain list used
now).

How does it sounds to you?

Aleksey



More information about the xmlsec mailing list