[9front] ssl deprecation

[9front] ssl deprecation

[fulton]

Quick and dirty ssl deprecation.  Remove it from default kernel
configs, document the change, and keep the code in case anyone needs
it.


Patch: http://okturing.com/src/11142/body
--
Fulton fulton.software!fulton

Re: [9front] ssl deprecation

[cinap_lenrek]

and what todo with pushssl(2) and cpu(1), import(4) and oexportfs(4)?

if you kill devssl, you break any remoting supporting with inferno and
classic plan9.

i wanted to kill it along time ago especially as devssl had kernel
crash bugs. but you need to explain the consequences of your changes
clearly and stand the discussion with people wanting to run 9front
together with inferno and labs plan9 installations.

--
cinap

Re: [9front] ssl deprecation

[ori]

Quoth cinap_lenrek@felloff.net:
> and what todo with pushssl(2) and cpu(1), import(4) and oexportfs(4)?

the patch deleting obsolete algorithms
also kills it:

	char	*ealgs = "rc4_256 sha1";

so unnice, we killed it twice.

> if you kill devssl, you break any remoting supporting with inferno and
> classic plan9.
> 
> i wanted to kill it along time ago especially as devssl had kernel
> crash bugs. but you need to explain the consequences of your changes
> clearly and stand the discussion with people wanting to run 9front
> together with inferno and labs plan9 installations.

I took a bit of time to look at this; it looks like
it'd be a small patch to use devssl or devtls. maybe
it's time to tell people that they need to apply a
patch?

echoline has been messing around with porting dp9ik,
to 9legacy -- maybe that's another option?

not sure if there are really other options long term
p9sk1/cpu auth is getting moldy and worm-eaten, and
requiring us to keep around code that should really
be dead.