Closed DBA closed 14 years ago
I found a basic benchmark: http://blog.nathanielbibler.com/post/63031273/openssl-hmac-vs-ruby-hmac-benchmarks
We could support both. Though I doubt there is any environment where ruby-openssl is not available.
While scanning the source files I assume that the HMCA calls are all covered with tests. Could you confirm that I didn't miss something?
I agree that we could support both, checking if the OpenSSL one is available or not.
Yep, there is one call in request.rb which is tested in request_spec.rb.
Alex, for now, I've removed the ruby-hmac dependency completely.
The code just looked odd with OpenSSL (which comes with Ruby core) falling back ruby-hmac gem, which is less performant and of unrecommended use.
If you disagree, feel free to rollback my commit: http://github.com/aflatter/oauth2-ruby/commit/0ee8f9781d1a215da063330ef1ed929ca61103d3
I'm okay with that. Closed.
ruby-hmac website states the following: NOTE: If your apps can assume Ruby/OpenSSL available, consider using OpenSSL::HMAC instead.
Should we consider using OpenSSL::HMAC instead. Can / should we make that assumption?