-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
please document status with regards to ext/openssl from Ruby #54
Comments
This is something I definitely need to write/work on. Thanks for bringing this up and making a formal ticket for it! |
I'd like to include gemified ext/openssl in Ruby 2.4.0-preview2 which will be released on September, at least. https://bugs.ruby-lang.org/projects/ruby-trunk/wiki/ReleaseEngineering24
I don't know if this has been discussed...
As far as I can recall, the following changes can affect existing code.
The followings are due to the incompatibilities in OpenSSL 1.1.0.
I'm sorry as I did suggest you switching to openssl gem, it might not be the best choice for a Ruby 2.3 package... f8eec6b will break existing Rails applications, and it might be also a problem that the user can't load openssl without rubygems. |
I believe this can be closed now 🙇 |
@zzak thanks, it looks good to me! I am looking forward to shipping openssl as a separate module with Ruby 2.4+ (which will only happen for Debian 10 as Debian 9 will ship Ruby 2.3). @rhenium do you think the 3 commits you linked to (fcb9b4a (openssl: add SSLContext#ecdh_curves=), 77b4850 (openssl: check existence of RAND_pseudo_bytes()), and 7ea72f1 (openssl: adapt OpenSSL::PKey to OpenSSL 1.1.0 opaque structs)) could be backported to Ruby 2.3? |
@terceiro They 3 changes are necessary to make it compile with OpenSSL 1.1.0. As for the second one (77b4850), the removed OpenSSL::Random.pseudo_bytes can be changed to an alias for OpenSSL::Random.random_bytes. I don't think there is a way to provide shims for others. I'm closing this issue, but let me know if there is anything I can help! |
Hi,
First of all thanks for your work on openssl.
I am one of the Ruby maintainers in Debian, where we need to move on to OpenSSL 1.1.0. But based on the discussion on Ruby bug #12324 (OpenSSL 1.1.0 support) it seems that backporting that to Ruby 2.3 might be tricky.
It has been suggested as one option that Debian stops building ext/openssl that comes bundled with Ruby, and includes this openssl package instead. In principle that sounds like a perfect alternative, because openssl can then be fixed independently of Ruby), but there are a few issues that prevent me from doing that:
Can you please clarify those points?
The text was updated successfully, but these errors were encountered: