Mark TLSv1, TLSv1_1, TLSv1_2 as deprecated #115

Merged
merged 3 commits into from
Jun 2, 2023

craff
Contributor

@craff craff commented May 23, 2023

It also avoids compilation warnings related to these deprecations (from C and from OCaml now).

TODO: can we turn off only the deprecation warning about TLSV, to avoid missing a new deprecated feature?

There is this:

#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
...
#pragma GCC diagnostic pop

But this is GCC-specific?
Cheers,
Christophe
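
One way to scope the suppression asked about in the TODO above, as an added example that is not part of the original PR or of ocaml-ssl's code: only the individual legacy calls are wrapped, so a deprecation introduced anywhere else still produces a warning. The macro names and the `legacy_*`/`flexible_method` functions are hypothetical stand-ins for deprecated version-specific constructors, and the MSVC branch goes beyond the GCC pragma quoted in the comment.

```c
#include <stdio.h>

/* Scoped, per-compiler switches for the deprecation warning only. */
#if defined(__GNUC__) || defined(__clang__)   /* Clang honours the GCC pragma */
#  define DEPRECATED_API  __attribute__((deprecated))
#  define DEPRECATION_OFF _Pragma("GCC diagnostic push") \
       _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"")
#  define DEPRECATION_ON  _Pragma("GCC diagnostic pop")
#elif defined(_MSC_VER)                        /* C4996: deprecated declaration */
#  define DEPRECATED_API  __declspec(deprecated)
#  define DEPRECATION_OFF __pragma(warning(push)) __pragma(warning(disable : 4996))
#  define DEPRECATION_ON  __pragma(warning(pop))
#else                                          /* unknown compiler: no-op */
#  define DEPRECATED_API
#  define DEPRECATION_OFF
#  define DEPRECATION_ON
#endif

/* Hypothetical stand-ins for deprecated, version-pinned constructors.
 * Return values are the TLS 1.0 / 1.1 wire versions, used here as ids. */
DEPRECATED_API static int legacy_tls1_0_method(void) { return 0x0301; }
DEPRECATED_API static int legacy_tls1_1_method(void) { return 0x0302; }
static int flexible_method(void) { return 0; }   /* not deprecated */

enum proto { PROTO_TLS1_0, PROTO_TLS1_1, PROTO_FLEXIBLE };

/* Only the two legacy call sites sit inside a push/pop pair; any other
 * deprecated call added to this function later would still be reported. */
static int select_method(enum proto p)
{
    int m;
    if (p == PROTO_TLS1_0) {
        DEPRECATION_OFF
        m = legacy_tls1_0_method();
        DEPRECATION_ON
    } else if (p == PROTO_TLS1_1) {
        DEPRECATION_OFF
        m = legacy_tls1_1_method();
        DEPRECATION_ON
    } else {
        m = flexible_method();
    }
    return m;
}

int main(void)
{
    printf("%#06x %#06x %d\n", select_method(PROTO_TLS1_0),
           select_method(PROTO_TLS1_1), select_method(PROTO_FLEXIBLE));
    return 0;
}
```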

@anmonteiro
Collaborator

I thought a bit about this, and I think I'm not a fan of this direction:

  • IMO this library should strive to provide safe, performant and up-to-date bindings to OpenSSL
  • as the OpenSSL package evolves upstream, we should evolve with it to guarantee we keep up with well-supported, secure APIs
  • hiding deprecations goes against this philosophy by placing the burden on our future selves to fix it when they're finally removed and we start having linking problems related to missing names

Instead, how about:

  1. we make one last release with these APIs, which I suppose are needed for OpenSSL 1.0.2 compatibility (this statement needs checking)
  2. we go in the direction of Refactor bindings to not use deprecated OpenSSL API #59 after said release, refactor to new APIs and drop compatibility with old OpenSSL versions

What do you think?

@anmonteiro
Collaborator

Thank you, I took the liberty to deprecate even older versions, and added a changes entry.

@anmonteiro anmonteiro merged commit c8b5c95 into savonet:master Jun 2, 2023
6 checks passed
anmonteiro added a commit to anmonteiro/opam-repository that referenced this pull request Jun 2, 2023
CHANGES:

- Raise an error when `Ssl.flush` isn't successful (savonet/ocaml-ssl#104, savonet/ocaml-ssl#120)
- Add an API-compatible `Ssl.Runtime_lock` module. The functions in this module
  don't release the OCaml runtime lock. While they don't allow other OCaml
  threads to run concurrently, they don't perform any copying in the underlying
  data, leading certain workloads to be faster than their counterparts that
  release the lock. (savonet/ocaml-ssl#106)
- Guarantee `Ssl.output_string` writes the whole string by retrying the
  operation with unwritten bytes (savonet/ocaml-ssl#103, savonet/ocaml-ssl#116)
- Fix calls in C stubs that need to call `ERR_clear_error` before the underlying
  OpenSSL call (savonet/ocaml-ssl#118)
- Add a module `Ssl.Error` to retrieve OpenSSL errors in a structured way (savonet/ocaml-ssl#119)
- Deprecate Ssl.{SSLv23,SSLv3,TLSv1,TLSv1_1}, which were formally
  deprecated in March 2021 and earlier (savonet/ocaml-ssl#115).
@craff
Contributor Author

craff commented Jun 2, 2023 via email

anmonteiro added a commit to anmonteiro/opam-repository that referenced this pull request Jun 3, 2023