Run OPENSSL_config to load system SSL configuration #267
This can allow the use of non-default ciphers such as GOST using Ruby if the system OpenSSL configuration allows them. Fixes Ruby Bug 9822.
@jeremyevans is there any harm in doing this that I should consider before merging?
I don't believe there is harm in doing so. This should only load the relevant section of the standard configuration file (which may have different configuration than the compiled-in defaults). So this should only cause an issue if the standard configuration file contains configuration that the person does not want to load. In that case, they should probably fix their configuration file. Note that this is not my area of expertise; I haven't done more research than reading the man page.
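An added example, not part of this PR or of the ruby/openssl code base: a way to list what a configuration file would ask OpenSSL to load, by following the `openssl_conf` key that `OPENSSL_config(NULL)` uses by default. The sample file and its section and engine names are constructed for illustration, and the section-name heuristic in `expand` is an assumption of this sketch.

```ruby
require "openssl"

# Constructed sample of a system openssl.cnf that enables a GOST engine.
# Section and engine names are illustrative, not taken from the PR.
SAMPLE_CNF = <<~CNF
  openssl_conf = openssl_init

  [openssl_init]
  engines = engine_section

  [engine_section]
  gost = gost_section

  [gost_section]
  engine_id = gost
  default_algorithms = ALL

  [unreferenced]
  key = value
CNF

# Follow the chain used for automatic configuration: the "openssl_conf"
# key in the default section names the init section, and each entry
# there names a module and the section holding that module's settings.
def modules_loaded(conf)
  init_name = (conf["default"] || {})["openssl_conf"]
  return {} if init_name.nil? # no openssl_conf key: no module is configured
  (conf[init_name] || {}).each_with_object({}) do |(mod, section), out|
    out[mod] = expand(conf, section)
  end
end

# Heuristic: a value that matches a section name is treated as a
# reference and expanded; "seen" guards against reference cycles.
def expand(conf, name, seen = [])
  return name unless conf.sections.include?(name) && !seen.include?(name)
  conf[name].transform_values { |v| expand(conf, v, seen + [name]) }
end

pp modules_loaded(OpenSSL::Config.parse(SAMPLE_CNF))
```

To review a real system, pass `OpenSSL::Config.load(OpenSSL::Config::DEFAULT_CONFIG_FILE)` to `modules_loaded` instead of the sample.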
Hmmm:
https://www.openssl.org/docs/man1.1.0/man3/OPENSSL_config.html
This is not my area either but I guess we are both trying our best to make sense of it. Does the MAN page I referenced make this PR unnecessary? Do we already do
I'm using LibreSSL, and there is no mention of deprecation of the function in the LibreSSL man page. However,
Not calling this can break things, such as not supporting ciphers that are supported in the standard configuration file, which I believe is the reason the Ruby bug reporter wanted it added.
That is so funny.
According to https://stackoverflow.com/questions/54556943/openssl-update-into-newer-version-alternative-for-the-deprecated-openssl-confi we don't need any startup functions :/
OK. I guess I'm fine with closing this then, and we can just tell people to upgrade OpenSSL, or to reopen this issue if they would like us to support older OpenSSL versions.
I asked on the OpenSSL mailing list what is the best way to deal with this.
Here is the response I got: