Turns out OpenSSLReal.createOpenSSL is getting called twice. It was called once by the OSSLLibrary.new.load call, but it was apparently called also when jopenssl.jar was loaded. I cannot figure out why it is getting called when the jar is loaded...
-- Matt Hauck On Thursday, January 10, 2013 at 3:35 AM, Matt Hauck wrote: > Okay. Stayed up a bit too late for this… but finally got all the commits and > such sorted out: https://github.com/matthauck/jruby/commits/bc147 > > I'm strangely getting logs of "already initialized constant" errors now > though coming from this line: > org.jruby.ext.openssl.OSSLLibrary.new.load(JRuby.runtime, false). Not sure > what's going on there... > > -- > Matt Hauck > > > On Wednesday, January 9, 2013 at 10:44 PM, Matt Hauck wrote: > > > I've almost got it working now. There was a regression in > > Signed#digestAlgorithmsToASN1Set. Getting closer… > > > > -- > > Matt Hauck > > > > > > On Wednesday, January 9, 2013 at 10:40 PM, Lars Westergren wrote: > > > > > Hmm, interesting. I'll also look into it this weekend, if you haven't > > > solved it by then. Good thing you spotted this. > > > On Jan 10, 2013 3:24 AM, "Matt Hauck" <mattha...@gmail.com > > > (mailto:mattha...@gmail.com)> wrote: > > > > FYI: I'm continuing to work on this, but just an FYI there are > > > > definitely some problems with the pkcs7 portions of the library. I've > > > > attached a simple script that is breaking with the new 1.47 port. It > > > > thinks it signs the data successfully and all, but the to_pem / to_der > > > > generates invalid data. The script tries to open the generated > > > > signed.pem with openssl and openssl can't read it. This script passes > > > > fine with jruby 1.7.1. > > > > > > > > -- > > > > Matt Hauck > > > > > > > > > > > > On Wednesday, January 9, 2013 at 11:58 AM, Matt Hauck wrote: > > > > > > > > > Hmm, the problem appears to be that the actual tests have changed. > > > > > One of the last tests failing after merging Lars' BC 1.47 changes is > > > > > in test_pkey_rsa.rb, which is entirely different on the jruby repo > > > > > from what it used to be in the jruby-openssl repo. The test is > > > > > "test_load_pkey_rsa_enc". The jruby repo's copy of that file doesn't > > > > > even have any PEM loading tests… > > > > > > > > > > It looks like something got messed up (perhaps intentionally?) with > > > > > the openssl tests when they were merged to the main jruby repo > > > > > > > > > > -- > > > > > Matt Hauck > > > > > > > > > > > > > > > On Wednesday, January 9, 2013 at 10:07 AM, Matt Hauck wrote: > > > > > > > > > > > Sorry for no context, I have a private fork of the old > > > > > > jruby-openssl gem (forked from 0.7.5) that we are still using > > > > > > internally due to some fixes that hadn't yet been accepted > > > > > > upstream. So I merged Lars' BC 1.47 changes back there and ran it > > > > > > against those test cases and got some failures, though running > > > > > > test:mri19 does not indicate any failures... > > > > > > > > > > > > -- > > > > > > Matt Hauck > > > > > > > > > > > > > > > > > > On Wednesday, January 9, 2013 at 9:52 AM, Charles Oliver Nutter > > > > > > wrote: > > > > > > > > > > > > > I'm not sure what you mean by the "old" openssl gem. If you run > > > > > > > rake > > > > > > > test:mri19 in the JRuby repo it will run the 1.9 version of the > > > > > > > OpenSSL tests with known failures excluded. > > > > > > > > > > > > > > - Charlie > > > > > > > > > > > > > > On Wed, Jan 9, 2013 at 11:12 AM, Matt Hauck <mattha...@gmail.com > > > > > > > (mailto:mattha...@gmail.com)> wrote: > > > > > > > > Hmm. I don't know if all the tests are passing. It is possible > > > > > > > > I am doing > > > > > > > > something wrong. I copied over the source to the old jruby > > > > > > > > openssl gem > > > > > > > > (since that's the only place I knew how to run the openssl > > > > > > > > tests), and some > > > > > > > > of them were failing. The biggest change i needed to get them > > > > > > > > closer to > > > > > > > > passing was in Recipient#_initialize. > > > > > > > > > > > > > > > > How do you run the openssl tests only from the jruby repo? > > > > > > > > > > > > > > > > -- > > > > > > > > Matt Hauck > > > > > > > > > > > > > > > > On Wednesday, January 9, 2013 at 8:42 AM, Charles Oliver Nutter > > > > > > > > wrote: > > > > > > > > > > > > > > > > Excellent, Lars! I'll take a look at it and probably roll it > > > > > > > > into > > > > > > > > master if it runs green. It will be *very* nice to be current on > > > > > > > > Bouncy Castle. > > > > > > > > > > > > > > > > - Charlie > > > > > > > > > > > > > > > > On Wed, Jan 9, 2013 at 1:40 AM, Lars Westergren > > > > > > > > <lars.westerg...@gmail.com (mailto:lars.westerg...@gmail.com)> > > > > > > > > wrote: > > > > > > > > > > > > > > > > I'm far from an expert on security, so if anyone is, a quick > > > > > > > > code inspect of > > > > > > > > the above commit would be appreciated! All the build tests pass > > > > > > > > now, but I > > > > > > > > haven't had time to try it out on a real application. > > > > > > > > > > > > > > > > Regards, > > > > > > > > Lars > > > > > > > > > > > > > > > > > > > > > > > > On Wed, Jan 9, 2013 at 6:14 AM, Matt Hauck <mattha...@gmail.com > > > > > > > > (mailto:mattha...@gmail.com)> wrote: > > > > > > > > > > > > > > > > > > > > > > > > Sweet. Perfect timing. It looks like it's pretty far along! I'm > > > > > > > > glad > > > > > > > > people that know more about this stuff are already working on > > > > > > > > it. =) > > > > > > > > > > > > > > > > -- > > > > > > > > Matt Hauck > > > > > > > > > > > > > > > > On Tuesday, January 8, 2013 at 9:05 PM, Alex Tambellini wrote: > > > > > > > > > > > > > > > > The upgrade to 1.47 is already being worked on here: > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/LarsWestergren/jruby/commit/c9f36d616bebe5a96c93908469d974c64de314fe > > > > > > > > > > > > > > > > On Jan 8, 2013, at 11:10 PM, Matt Hauck <mattha...@gmail.com > > > > > > > > (mailto:mattha...@gmail.com)> wrote: > > > > > > > > > > > > > > > > I am glad to hear that I will at least be able to upgrade to > > > > > > > > jruby 1.7.2 > > > > > > > > and replace out the built-in openssl support in case I need to > > > > > > > > make a fork > > > > > > > > with this bouncy castle 1.47 support. I've got it compiling now > > > > > > > > with the > > > > > > > > updated BC now, and am beginning to work through some more the > > > > > > > > more > > > > > > > > difficult changes. The biggest has to do with deprecating > > > > > > > > X509Name in favor > > > > > > > > of X500Name and the various implications of this. > > > > > > > > > > > > > > > > -- > > > > > > > > Matt Hauck > > > > > > > > > > > > > > > > On Tuesday, January 8, 2013 at 8:00 PM, Matt Hauck wrote: > > > > > > > > > > > > > > > > Sadly not so. If you try replacing the bc*.jar files in > > > > > > > > build_lib with > > > > > > > > bcprov and bcpkik 1.47 versions you will find the build fails > > > > > > > > with 100 > > > > > > > > errors. > > > > > > > > > > > > > > > > -- > > > > > > > > Matt Hauck > > > > > > > > > > > > > > > > On Tuesday, January 8, 2013 at 7:01 PM, kristian wrote: > > > > > > > > > > > > > > > > Jruby 1.7.x comes with openssl bundled. I think from version > > > > > > > > 1.7.1 onwards > > > > > > > > bouncy castle gets a java package rewrite and is used only > > > > > > > > internally for > > > > > > > > openssl. So you are free to add any version of bouncy castle as > > > > > > > > needed by > > > > > > > > your application - just do not add the jruby-openssl since this > > > > > > > > will pull in > > > > > > > > the old version. > > > > > > > > > > > > > > > > Kristian > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > To unsubscribe from this list, please visit: > > > > > > > > > > > > > > > > http://xircles.codehaus.org/manage_email > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe from this list, please visit: > > > > > > > > > > > > > > http://xircles.codehaus.org/manage_email > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe from this list, please visit: > > > > > > > > http://xircles.codehaus.org/manage_email > > > > > > >