Replies: 1 comment 1 reply
-
There are two ways:
|
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I'm running an echo server with netty, openssl and a pkcs11 engine. I built tcnative static and included it with
When i executed a tls handshake with openssl s_client OpenSslKeyMaterialManager throws at line 111 engine.setKeyMaterial(keyMaterial) an openssl EC_POINT_cmp incompatible objects exception. The issue seems similar to
EC_POINT_cmp returns error when using a dynamic ENGINE and statically linked openssl
Therefore i would like to include tcnative dynamic.
My naive approach using debian:buster-slim results in an exception due to incompatible openssl versions.
I read the how to use / build section in tcnative wiki, i also checked related issues in github netty / tcnative and stackoverflow. Especially
Cannot use Openssl 1.1.1f with netty-tcnative, we get UnsatisfiedLinkError: .. libssl.so.1.0.0
I checked the tcnative source code and especially the docker files but i did not manage to do the required changes for openssl 1.1.1. If someone can give me a hint what needs to be changed, i would really appreciate it.
I also tried the other way around. Instead of trying to upgrade tcnative dynamic to 1.1.1 provide a Dockerfile which contains everything for a successful dynamically linking. I installed libssl 1.0.2 on debian:buster-slim (libssl.so.1.0.2), but i get the same exception. netty-tcnative seems to expect exactly libssl1.0.0.
I would at least require openssl 1.0.2 to have brainpool parameter support. Does someone perhaps have an example Dockerfile which successfully links with tcnative dynamic?
I someone can give me a hint I would really appreciate it. Thanks in advance.
Beta Was this translation helpful? Give feedback.
All reactions