Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upOpenSSL1.1.0 #14203
OpenSSL1.1.0 #14203
Comments
|
This is probably blocked on hyperium/hyper#907 |
|
How about using https://github.com/briansmith/ring instead of OpenSSL. |
|
OpenSSL is essentially two libraries:
ring is a Rust library containing just the cryptographic primitives and does not contain a TLS implementation. There are a few TLS implementations being built that build on top of ring, most notably rustls. As of right now, Hyper does not support any Rust implementation of TLS (including rustls), so one would have to start there. I can't find it now, but there was a (very long) thread on the mailing list a month or so ago talking about TLS decisions for Servo, and from what I remember, it seemed like the Servo team was going to eventually move to NSS, but it might still be an open question. |
|
Regarding OpenSSL 1.1.0 support, I'm working on a patch right now. |
|
My branch is here: https://github.com/servo/servo/compare/master...frewsxcv:openssl-1.1.0?expand=1 @mbrubeck You said you couldn't get Servo working with OpenSSL 1.1.0. Can you try checking out that branch and see how things look? |
|
The TLS discussion thread is here: https://groups.google.com/d/msg/mozilla.dev.servo/3mfkRehXAo4/uwAm4ffXAAAJ |
|
Relevant PR: hyperium/hyper#975 |
|
I've been working off @frewsxcv's branch to rebase and resubmit the pr with a few customizations servo needs |
|
Should the README be changed in the mean time, to mention libssl1.0-dev for developers on Debian stretch and sid ? |
|
Downloaded https://download.servo.org/nightly/linux/servo-latest.tar.gz on Debian Testing (Stretch)
Overview: https://packages.debian.org/search?lang=de&suite=stretch&searchon=names&keywords=libssl There is no 1.0.0 on Debian testing (stretch), only libssl.so, libssl.so.1.0.2 and libssl.so.1.1. No solution:
because
Could you please allow 1.0.2 (#16605) or 1.1? |
|
@avadacatavra What's the status on this? |
|
This affects Fedora platforms too (F27 at least). Static linking these libs in the nightly would suffice for my needs. |
|
I can confirm it affect Fedora 26 too |
|
Would be nice to have this updated. |
|
@romulasry openssl updates also require updates in a lot of other dependencies, some of which are non-trivial. we'd like to get this done. last time i looked at this, i think there was a problem with the hyper dependency. i'll take another look at this and hopefully we can make progress |
|
Update? |
|
@romulasry upgrading openssl is being worked on in #21644. |
|
Done now :) |
I am using Debian Sid which now comes with OpenSSL 1.1.0. In this version makes many breaking changes to the API which caused the build to fail. To get things to work, I needed to run:
This forces my system to use the old OpenSSL version.
When I look at Cargo.lock in components/servo, I see we are using the rust crate
The latest version (as of this writing) is 0.9.1 which builds with OpenSSL1.1.0
The problem though is that many other packages like hyper and cookie depend on the old crate for rust openssl so upgrading is not straight forward.
So is there any plan to upgrade to the latest OpenSSL?