Ok, I'm pulling in the BC updates based on Matt Hauck's branch. I'll pull to a bc147 branch for the moment and run sanity checks, but then merge to master soon after so we get some bake time before JRuby 1.7.3.
Since this is going to master, any remaining issues should be filed as bugs or PRs so we can get them repaired before 1.7.3. After the new BC update is in, I'm also going to look into pulling in krypt for JRuby 1.7.3 so we'll have PKCS5 support. - Charlie On Wed, Jan 23, 2013 at 1:42 PM, Charles Oliver Nutter <head...@headius.com> wrote: > The jar loading logic is done in LoadService, and was a half-assed > attempt for us to make .jar files load something like .so files (load > and initialize at once). We need a better mechanism (probably based on > meta-inf) but I have been manually loading libraries via JRuby.runtime > to move away from the old mechanism. > > - Charlie > > On Thu, Jan 10, 2013 at 12:45 PM, Matt Hauck <mattha...@gmail.com> wrote: >> Turns out OpenSSLReal.createOpenSSL is getting called twice. It was called >> once by the OSSLLibrary.new.load call, but it was apparently called also >> when jopenssl.jar was loaded. I cannot figure out why it is getting called >> when the jar is loaded... >> >> -- >> Matt Hauck >> >> On Thursday, January 10, 2013 at 3:35 AM, Matt Hauck wrote: >> >> Okay. Stayed up a bit too late for this… but finally got all the commits and >> such sorted out: https://github.com/matthauck/jruby/commits/bc147 >> >> I'm strangely getting logs of "already initialized constant" errors now >> though coming from this line: >> org.jruby.ext.openssl.OSSLLibrary.new.load(JRuby.runtime, false). Not sure >> what's going on there... >> >> -- >> Matt Hauck >> >> On Wednesday, January 9, 2013 at 10:44 PM, Matt Hauck wrote: >> >> I've almost got it working now. There was a regression in >> Signed#digestAlgorithmsToASN1Set. Getting closer… >> >> -- >> Matt Hauck >> >> On Wednesday, January 9, 2013 at 10:40 PM, Lars Westergren wrote: >> >> Hmm, interesting. I'll also look into it this weekend, if you haven't solved >> it by then. Good thing you spotted this. >> >> On Jan 10, 2013 3:24 AM, "Matt Hauck" <mattha...@gmail.com> wrote: >> >> FYI: I'm continuing to work on this, but just an FYI there are definitely >> some problems with the pkcs7 portions of the library. I've attached a simple >> script that is breaking with the new 1.47 port. It thinks it signs the data >> successfully and all, but the to_pem / to_der generates invalid data. The >> script tries to open the generated signed.pem with openssl and openssl can't >> read it. This script passes fine with jruby 1.7.1. >> >> -- >> Matt Hauck >> >> On Wednesday, January 9, 2013 at 11:58 AM, Matt Hauck wrote: >> >> Hmm, the problem appears to be that the actual tests have changed. One of >> the last tests failing after merging Lars' BC 1.47 changes is in >> test_pkey_rsa.rb, which is entirely different on the jruby repo from what it >> used to be in the jruby-openssl repo. The test is "test_load_pkey_rsa_enc". >> The jruby repo's copy of that file doesn't even have any PEM loading tests… >> >> It looks like something got messed up (perhaps intentionally?) with the >> openssl tests when they were merged to the main jruby repo >> >> -- >> Matt Hauck >> >> On Wednesday, January 9, 2013 at 10:07 AM, Matt Hauck wrote: >> >> Sorry for no context, I have a private fork of the old jruby-openssl gem >> (forked from 0.7.5) that we are still using internally due to some fixes >> that hadn't yet been accepted upstream. So I merged Lars' BC 1.47 changes >> back there and ran it against those test cases and got some failures, though >> running test:mri19 does not indicate any failures... >> >> -- >> Matt Hauck >> >> On Wednesday, January 9, 2013 at 9:52 AM, Charles Oliver Nutter wrote: >> >> I'm not sure what you mean by the "old" openssl gem. If you run rake >> test:mri19 in the JRuby repo it will run the 1.9 version of the >> OpenSSL tests with known failures excluded. >> >> - Charlie >> >> On Wed, Jan 9, 2013 at 11:12 AM, Matt Hauck <mattha...@gmail.com> wrote: >> >> Hmm. I don't know if all the tests are passing. It is possible I am doing >> something wrong. I copied over the source to the old jruby openssl gem >> (since that's the only place I knew how to run the openssl tests), and some >> of them were failing. The biggest change i needed to get them closer to >> passing was in Recipient#_initialize. >> >> How do you run the openssl tests only from the jruby repo? >> >> -- >> Matt Hauck >> >> On Wednesday, January 9, 2013 at 8:42 AM, Charles Oliver Nutter wrote: >> >> Excellent, Lars! I'll take a look at it and probably roll it into >> master if it runs green. It will be *very* nice to be current on >> Bouncy Castle. >> >> - Charlie >> >> On Wed, Jan 9, 2013 at 1:40 AM, Lars Westergren >> <lars.westerg...@gmail.com> wrote: >> >> I'm far from an expert on security, so if anyone is, a quick code inspect of >> the above commit would be appreciated! All the build tests pass now, but I >> haven't had time to try it out on a real application. >> >> Regards, >> Lars >> >> >> On Wed, Jan 9, 2013 at 6:14 AM, Matt Hauck <mattha...@gmail.com> wrote: >> >> >> Sweet. Perfect timing. It looks like it's pretty far along! I'm glad >> people that know more about this stuff are already working on it. =) >> >> -- >> Matt Hauck >> >> On Tuesday, January 8, 2013 at 9:05 PM, Alex Tambellini wrote: >> >> The upgrade to 1.47 is already being worked on here: >> >> >> https://github.com/LarsWestergren/jruby/commit/c9f36d616bebe5a96c93908469d974c64de314fe >> >> On Jan 8, 2013, at 11:10 PM, Matt Hauck <mattha...@gmail.com> wrote: >> >> I am glad to hear that I will at least be able to upgrade to jruby 1.7.2 >> and replace out the built-in openssl support in case I need to make a fork >> with this bouncy castle 1.47 support. I've got it compiling now with the >> updated BC now, and am beginning to work through some more the more >> difficult changes. The biggest has to do with deprecating X509Name in favor >> of X500Name and the various implications of this. >> >> -- >> Matt Hauck >> >> On Tuesday, January 8, 2013 at 8:00 PM, Matt Hauck wrote: >> >> Sadly not so. If you try replacing the bc*.jar files in build_lib with >> bcprov and bcpkik 1.47 versions you will find the build fails with 100 >> errors. >> >> -- >> Matt Hauck >> >> On Tuesday, January 8, 2013 at 7:01 PM, kristian wrote: >> >> Jruby 1.7.x comes with openssl bundled. I think from version 1.7.1 onwards >> bouncy castle gets a java package rewrite and is used only internally for >> openssl. So you are free to add any version of bouncy castle as needed by >> your application - just do not add the jruby-openssl since this will pull in >> the old version. >> >> Kristian >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this list, please visit: >> >> http://xircles.codehaus.org/manage_email >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this list, please visit: >> >> http://xircles.codehaus.org/manage_email >> >> >> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this list, please visit: >> >> http://xircles.codehaus.org/manage_email >> >> >> >> --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
