This is a complete list of the features of the SDSI library that
can be turned on and off at library build-time by commenting
or uncommenting the #define in `lib/sdsi2.h.in'.
SDSI2_FEATURE_ONLINE_TESTS compiles support for the online tests. Without it,
CRLs, revals, and certs that use online tests will not parse, and all functions
dealing with online tests will be unavailable.
SDSI2_FEATURE_ONLINE_TEST_ONE_TIME compiles further support for one-time online
tests. Without it, certs that use online tests will not parse.
SDSI2_FEATURE_CRYPTO_DES, SDSI2_FEATURE_CRYPTO_3DES, SDSI2_FEATURE_CRYPTO_IDEA,
SDSI2_FEATURE_CRYPTO_HMAC, and SDSI2_FEATURE_CRYPTO_RSA compile support in
for various cryptosystems.
SDSI2_FEATURE_ENCODING_PKCS1 compiles in support for PKCS-1 encodings. The library
is pretty useless without it.
SDSI2_FEATURE_HASH_MD5 and SDSI2_FEATURE_HASH_SHA1 compile in support for
those hashes.
SDSI2_FEATURE_TAG_STAR_APPEND, SDSI2_FEATURE_TAG_STAR_REORDER,
SDSI2_FEATURE_TAG_STAR_REORDER_DELETE, and SDSI2_FEATURE_TAG_STAR_REORDER_INSERT
compile in support for advanced `(tag ...)' elements. Without all relevant
features, tags will not parse.
SDSI2_FEATURE_SEXP_UNPARSE compiles in code to support the unparsing
of S-expressions. The way that S-expressions are parsed makes storing and hashing them
read-only very efficient, but doesn't make unparsing very easy - the code to do so is
rather large and ugly. If an application is only going to parse and inspect S-expressions,
and never emit them, you can link it with a simpler version of this library, built
after commenting out this feature.
SDSI2_FEATURE_SEXP_GENERATION compiles in some support for generating
S-expressions. SDSI2_FEATURE_SEXP_UNPARSE must be defined for this to work.
This compiles in some functions used in generating new S-expressions (especially
new hashes and signatures).
SDSI2_FEATURE_SEXP_ADVANCED_FORMS compiles in the extra functions needed
to parse S-expressions in any of the advanced (non-canonical) formats. The SDSI2
library as-is will only parse expressions in canonical form. With the addition
of Rivest's reference S-expression code and the enabling of this feature, new
functions are provided to parse expressions in any of the formats that code supports.
SDSI2_FEATURE_SEXP_UNPARSE_SIMPLE is used to compile in minimal functions
that can unparse S-expressions that have not been modified since they were parsed.
This and SDSI2_FEATURE_SEXP_UNPARSE are mutually exclusive.
SDSI2_FEATURE_CERT_DEF_PROPAGATES will allow name-binding `cert's to
have optional `(propagate)' flags that are recognized. This is a "dangerous"
feature, since it affects certificate semantics.
SDSI2_FEATURE_CERT_DEF_TAGS will allow name-binding `cert's to
have optional `(tag)' fields that are recognized. This is a "dangerous"
feature, since it affects certificate semantics.
SDSI2_FEATURE_HUGE_STRINGS will change the type used to size bytestrings
from the machine's native unsigned int to the largest integer available
from the compiler. Under modern gcc, this is a 64-bit unsigned integer,
so this should allow bytestrings to grow real big. Right now it only makes remote
sense to do this on a 64-bit machine, where in theory you could hold a >4GB string
in memory, but whether this actually works is anyone's guess.
SDSI2_FEATURE_ERROR_TEXT compiles in arrays of strings with messages for
the various error major, minor, and locus codes.
SDSI2_FEATURE_ERROR_SEXP_DUMP would compile in code to generate a bytestring
message suitable for pointing out an error in a given S-expression, if that code
only existed.
SDSI2_FEATURE_PGP_SUPPORT compiles in support for PGP keyrings.
SDSI2_FEATURE_SSH_SUPPORT compiles in support for SSH key files.
SDSI2_FEATURE_DEBUG compiles in code to call sdsi2_trap whenever
the library encounters an error condition. Really useful only to people debugging
the library.
SDSI2_FEATURE_CACHE_SUPPORT compiles in the cache support. Surprisingly,
the cache code is the second-biggest module in the library.
SDSI2_FEATURE_K_OF_N controls how threshold subject support is compiled into
the library. If undefined, no threshold support is put in, and certs, acls,
and sequences that use threshold subjects will not parse. If defined to be
SDSI2_K_OF_N_DRAFT, support for threshold subjects based on the November 1997
SPKI/SDSI draft is compiled into the library. If defined to be SDSI2_K_OF_N_GOTOS,
support for the modified threshold subject sequence format is compiled in.
Go to the first, previous, next, last section, table of contents.