Comments (5)
zzak
commented on May 20, 2024
This is something I definitely need to write/work on.
Thanks for bringing this up and making a formal ticket for it!
from openssl.
rhenium
commented on May 20, 2024
- there has been no releases of openssl, at all (rubygem.org says "Don't install this!")
I'd like to include gemified ext/openssl in Ruby 2.4.0-preview2 which will be released on September, at least.
https://bugs.ruby-lang.org/projects/ruby-trunk/wiki/ReleaseEngineering24
- I don't know how the handling of security issues in openssl works (while Ruby itself has at least some sane solid security procedures).
I don't know if this has been discussed...
- it's not clear how (in)compatible openssl is wrt the version bundled with Ruby. e.g. can I as distributor rely on it being a drop-in replacement for the bundled openssl library? (now, or even in some future)
As far as I can recall, the following changes can affect existing code.
- f8eec6b (openssl: make Cipher#key= and #iv= reject too long values)
The followings are due to the incompatibilities in OpenSSL 1.1.0.
- fcb9b4a (openssl: add SSLContext#ecdh_curves=)
- 77b4850 (openssl: check existence of RAND_pseudo_bytes())
- 7ea72f1 (openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs)
I'm sorry as I did suggest you switching to openssl gem, it might not be the best choice for a Ruby 2.3 package... f8eec6b will break existing Rails applications, and it might be also a problem that the user can't load openssl without rubygems.
from openssl.
zzak
commented on May 20, 2024
I believe this can be closed now
from openssl.
terceiro
commented on May 20, 2024
@zzak thanks, it looks good to me! I am looking forward to shipping openssl as a separate module with Ruby 2.4+ (which will only happen for Debian 10 as Debian 9 will ship Ruby 2.3).
@rhenium do you think the 3 commits you linked to (fcb9b4a (openssl: add SSLContext#ecdh_curves=), 77b4850 (openssl: check existence of RAND_pseudo_bytes()), and 7ea72f1 (openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs)) could be backported to Ruby 2.3?
from openssl.
rhenium
commented on May 20, 2024
@terceiro They 3 changes are necessary to make it compile with OpenSSL 1.1.0. As for the second one (77b4850), the removed OpenSSL::Random.pseudo_bytes can be changed to an alias for OpenSSL::Random.random_bytes. I don't think there is a way to provide shims for others.
I'm closing this issue, but let me know if there is anything I can help!
from openssl.
Related Issues (20)
- OpenSSL 3: OpenSSL.fips_mode returns false in FIPS enabled environment HOT 5
- Test failure with OpenSSL 3.1.0 HOT 3
- Missing `shutdown`, `close_write` and `close_read`. HOT 1
- Non-blocking socket not handled correctly. HOT 4
- OpenSSL::PKCS12 error: PKCS12_parse: unsupported HOT 4
- undefined method 'to_octet_string' for OpenSSL::PKey::EC HOT 1
- GCC -L<openssl lib directory> is wrong with the OpenSSL installed from the souce without --libdir=lib option HOT 2
- pkeys are immutable on OpenSSL 3.0\e[0m (OpenSSL::PKey::PKeyError) HOT 1
- Warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef] HOT 1
- Checking compiler warnings as errors on CI HOT 6
- lib/openssl/hmac.rb:55:in `initialize': EVP_PKEY_new_mac_key: malloc failure (OpenSSL::HMACError) with -Werror flag HOT 12
- Group Key Agreement using OpenSSL HOT 1
- `EVP_DigestSignInit: unsupported (OpenSSL::HMACError)` and `Digest initialization failed: initialization error (OpenSSL::Digest::DigestError)` HOT 4
- OpenSSL 3 FIPS mode - creating encrypted RSA key pair fails with PEM_write_bio_PrivateKey_traditional: initialization error (OpenSSL::PKey::PKeyError) HOT 7
- openssl 3.1.0 security issues HOT 2
- Can no longer pass file contents as ca_file property with OpenSSL 3 HOT 3
- warning: macOS truffleruby-head: TS_VERIFY_CTS_set_certs macro redefined in OpenSSL 3.1 HOT 25
- New OpenSSL gem release HOT 4
- Issue imporitng certificates created using OpenSSL::PKCS12 on macOS devices HOT 2
- DEFAULT_CERT_DIR not being used HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openssl.