Seth Hall created BIT-1499:
------------------------------
Summary: Updates for newer version of OpenSSL/LibreSSL
Key: BIT-1499
URL: https://bro-tracker.atlassian.net/browse/BIT-1499
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro, Broccoli
Affects Versions: git/master
Reporter: Seth Hall
Attachments: patch-aux_broccoli_src_bro__openssl.c,
patch-src_ChunkedIO.cc
A comment from Christoph Pietsch:
{quote}Currently Bro fails to build when OpenSSL libraries have been built
without SSLv3 (configure --no-ssl2 --nossl3). This has
surfaced when building with the latest LibreSSL 2.3.
Attached patches address all these issues. These can be improved upon
by using only SSLv23_ methods or even TLS_ methods and setting
SSL_CTX_set_options(ctx, SSL_OP_NO_SSL2 | SSL_OP_NO_SSL3) but I've
tried to make the patches minimally intrusive. OpenSSL 1.1.0 will
deprecate SSLv23_ methods and introduces compatible TLS_ methods.{quote}
The patches are attached. Fortunately all of this code is slated to be removed,
but it does introduce the question of how we manage this moving forward. I'd like
to avoid having to add compiler directives to use alternate implementations and
detect which version of OpenSSL someone has installed.
Alternately, what does everyone think about deprecating the existing
communication mechanism by making it a configure-time option? We can just not
compile those by default which means that almost everyone would just see
everything work correctly and our effort would be minimal. People that need
the existing built in communication still can deal with the complications of
compiling Bro with the option and having the correct version of OpenSSL.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-002#70107)
_______________________________________________
bro-dev mailing list
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
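The approach Christoph describes (use the version-flexible method and exclude SSLv2/SSLv3 through context options rather than naming SSLv3_method(), which does not exist in a no-ssl3 build), shown as an added example in Python's standard-library ssl module. This is not code from the ticket's attached patches, which are not reproduced on this page, nor from Bro or Broccoli; the function names are mine. The ssl module is a thin wrapper over the same libssl calls: PROTOCOL_TLS_CLIENT/PROTOCOL_TLS_SERVER is SSL_CTX_new() with the flexible method (SSLv23_*_method() before OpenSSL 1.1.0, TLS_*_method() from 1.1.0 on), ctx.options maps to SSL_CTX_set_options(), and HAS_SSLv3 reflects whether libssl was compiled with SSLv3. Note that the C option macros are spelled SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3.

```python
"""Version-flexible TLS context setup versus a pinned SSLv3 method.

Illustrative example, not Bro/Broccoli code.  Mapping to the libssl C API:
  ssl.SSLContext(PROTOCOL_TLS_CLIENT)  ~ SSL_CTX_new(TLS_client_method())
                                          (SSLv23_client_method() before 1.1.0)
  ctx.options |= OP_NO_SSLv2|OP_NO_SSLv3 ~ SSL_CTX_set_options(ctx,
                                          SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)
  ssl.HAS_SSLv3                          ~ !defined(OPENSSL_NO_SSL3)
"""
import ssl

# First libssl release that ships TLS_method() and deprecates SSLv23_method().
OPENSSL_1_1_0 = (1, 1, 0)


def linked_library() -> dict:
    """Describe the libssl this interpreter is linked against, the way a
    configure-time probe would.  OPENSSL_VERSION_INFO is
    (major, minor, fix, patch, status); LibreSSL sets
    OPENSSL_VERSION_NUMBER to 0x20000000L, so it reports as 2.0.0 here."""
    info = ssl.OPENSSL_VERSION_INFO
    return {
        "version": ssl.OPENSSL_VERSION,
        # Before 1.1.0 only the SSLv23_* flexible methods exist.
        "pre_1_1_0": tuple(info[:3]) < OPENSSL_1_1_0,
        # False when libssl was configured with no-ssl3: exactly the build
        # in which a direct SSLv3_method() reference fails.
        "has_sslv3": ssl.HAS_SSLv3,
    }


def pinned_sslv3_context() -> ssl.SSLContext:
    """The pattern the ticket's patches remove: ask for SSLv3 by name.
    On a no-ssl3 build the symbol is simply absent, so this cannot work."""
    proto = getattr(ssl, "PROTOCOL_SSLv3", None)
    if proto is None:
        raise RuntimeError("libssl built with no-ssl3: SSLv3_method() is unavailable")
    return ssl.SSLContext(proto)


def pinned_sslv3_available() -> bool:
    """True only if a context pinned to SSLv3 can actually be created."""
    try:
        pinned_sslv3_context()
        return True
    except (RuntimeError, ValueError, ssl.SSLError):
        return False


def flexible_context(server_side: bool = False) -> ssl.SSLContext:
    """The replacement: negotiate with the version-flexible method and turn
    SSLv2/SSLv3 off via options.  This compiles and runs the same way on
    OpenSSL 1.0.x, 1.1.x/3.x and LibreSSL, with or without no-ssl3."""
    proto = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(proto)
    # OP_NO_SSLv2 is 0 on builds where SSLv2 was removed outright; OR-ing it
    # in is harmless, and OP_NO_SSLv3 is always a real bit.
    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
    return ctx


def allows_sslv3(ctx: ssl.SSLContext) -> bool:
    """Check a context the way a reviewer would: is the NO_SSLv3 bit set?"""
    return not (ctx.options & ssl.OP_NO_SSLv3)


if __name__ == "__main__":
    print(linked_library())
    print("pinned SSLv3 context usable:", pinned_sslv3_available())
    for side in (False, True):
        ctx = flexible_context(server_side=side)
        print("server" if side else "client",
              "flexible context allows SSLv3:", allows_sslv3(ctx))
```

Run against a current OpenSSL or LibreSSL, the pinned path reports unusable while both flexible contexts report that SSLv3 is refused; the version probe is the runtime analogue of the OPENSSL_VERSION_NUMBER compiler directive the ticket would rather not maintain. On Python 3.7 and later the same floor can be expressed as ctx.minimum_version (SSL_CTX_set_min_proto_version() in C), which is the API that replaces the SSL_OP_NO_* bits on OpenSSL 1.1.0 and later.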