Forum OpenACS Q&A: Response to ad_restrict_to_https broken?

Collapse
Posted by Don Baccus on
When it originally was distributed, you couldn't use nsssl because AOL
couldn't supply the BSAFE libraries, which are proprietary.  OpenSSL
works with AOLserver, but there was concern over the legality of that
project due to the fact that it contained code based on information
illegally retrieved from RSA.

RSA's patent ran out last fall, and export restrictions on encryption
have been relaxed, so you can now use nsssl again with Open Source
AOLserver.  Or AOL bought a distribution license for BSAFE.  Or
something like that, I'm not aware of the exact details.

I'm not certain what the patch you mention was trying to accomplish,
clearly it doesn't work.  When we first distributed OpenACS you needed
to run with the "restrict to https" parameters (in /parameters/ad.tcl)
commented out, or you were on your own to get OpenSSL up and make it
work with AOLserver and OpenACS.

If a couple of other folks will verify that your patch works (I'm
still not using nsssl on my site) I'll apply it to the CVS tree.