curl-users

Re: --random-file with gnutls

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 26 Apr 2007 22:25:47 +0200 (CEST)

On Thu, 26 Apr 2007, Peter O'Gorman wrote:

> % curl --version
> Fatal: no entropy gathering module detected
>
> which is not so pleasant. At the moment, we are thinking that gnutls should
> have some api to allow its initialization to fail without exiting the
> application.

I completely agree.

> Also there should be an api in there to allow curl's --random-file option to
> work with gnutls. Currently this is only possible if curl uses the api
> provided by libgcrypt directly. If this were available we could at least do
> `curl --random-file <path> --version' and expect it to work.
>
> So, my question is, do you agree? Is this a missing feature of gnutls, or
> should curl be using the libgcrypt api directly?

In my view the API should be provided by gnutls since we interact and use
gnutls. libgcrypt (and what else?) is just a dependency that gnutls may or may
not use and it feels a bit odd that we as users of gnutls have to "by-pass"
gnutls to access the underlying lib to do certain things.

But then, when doing multi-threaded apps we need to use libgcrypt's mutex
callbacks so this would just be yet another case of such a by-pass.

> I will be posting to the gnutls list asking a similar question :)

I think you may get them to agree with you, as I recall Simon Josefsson (of
the gnutls team) having talked about removing the hard dependency on libgcrypt
and if they ever are gonna change crypto lib they better offer these functions
in their own API so that we as gnutls users can be crypto lib agnostic.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-04-26