Ok, all BC 1.47 changes have been pushed to master! I had some
failures, but they didn't seem to correspond to OpenSSL (except for
two in rake test:mri19 I'm looking at now).

We're not green on any CI so I just pushed it with failures. Going to
try to green it up now before incorporating krypt.

- Charlie

On Wed, Jan 23, 2013 at 1:57 PM, Charles Oliver Nutter
<head...@headius.com> wrote:
> Ok cool, don't bother with the PR then...I'm in the middle of this and
> will push to master soon.
>
> On Wed, Jan 23, 2013 at 1:54 PM, Matt Hauck <mattha...@gmail.com> wrote:
>> Great. I was just about to issue a pull request sometime today actually.
>> I've been using it for a week or two now and it's been working great at
>> least for my uses. There are still remaining things to be done, but they are
>> enhancements.
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 23, 2013 at 11:51 AM, Charles Oliver Nutter wrote:
>>
>> Ok, I'm pulling in the BC updates based on Matt Hauck's branch. I'll
>> pull to a bc147 branch for the moment and run sanity checks, but then
>> merge to master soon after so we get some bake time before JRuby
>> 1.7.3.
>>
>> Since this is going to master, any remaining issues should be filed as
>> bugs or PRs so we can get them repaired before 1.7.3.
>>
>> After the new BC update is in, I'm also going to look into pulling in
>> krypt for JRuby 1.7.3 so we'll have PKCS5 support.
>>
>> - Charlie
>>
>> On Wed, Jan 23, 2013 at 1:42 PM, Charles Oliver Nutter
>> <head...@headius.com> wrote:
>>
>> The jar loading logic is done in LoadService, and was a half-assed
>> attempt for us to make .jar files load something like .so files (load
>> and initialize at once). We need a better mechanism (probably based on
>> meta-inf) but I have been manually loading libraries via JRuby.runtime
>> to move away from the old mechanism.
>>
>> - Charlie
>>
>> On Thu, Jan 10, 2013 at 12:45 PM, Matt Hauck <mattha...@gmail.com> wrote:
>>
>> Turns out OpenSSLReal.createOpenSSL is getting called twice. It was called
>> once by the OSSLLibrary.new.load call, but it was apparently called also
>> when jopenssl.jar was loaded. I cannot figure out why it is getting called
>> when the jar is loaded...
>>
>> --
>> Matt Hauck
>>
>> On Thursday, January 10, 2013 at 3:35 AM, Matt Hauck wrote:
>>
>> Okay. Stayed up a bit too late for this… but finally got all the commits and
>> such sorted out: https://github.com/matthauck/jruby/commits/bc147
>>
>> I'm strangely getting logs of "already initialized constant" errors now
>> though coming from this line:
>> org.jruby.ext.openssl.OSSLLibrary.new.load(JRuby.runtime, false). Not sure
>> what's going on there...
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 9, 2013 at 10:44 PM, Matt Hauck wrote:
>>
>> I've almost got it working now. There was a regression in
>> Signed#digestAlgorithmsToASN1Set. Getting closer…
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 9, 2013 at 10:40 PM, Lars Westergren wrote:
>>
>> Hmm, interesting. I'll also look into it this weekend, if you haven't solved
>> it by then. Good thing you spotted this.
>>
>> On Jan 10, 2013 3:24 AM, "Matt Hauck" <mattha...@gmail.com> wrote:
>>
>> FYI: I'm continuing to work on this, but just an FYI there are definitely
>> some problems with the pkcs7 portions of the library. I've attached a simple
>> script that is breaking with the new 1.47 port. It thinks it signs the data
>> successfully and all, but the to_pem / to_der generates invalid data. The
>> script tries to open the generated signed.pem with openssl and openssl can't
>> read it. This script passes fine with jruby 1.7.1.
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 9, 2013 at 11:58 AM, Matt Hauck wrote:
>>
>> Hmm, the problem appears to be that the actual tests have changed. One of
>> the last tests failing after merging Lars' BC 1.47 changes is in
>> test_pkey_rsa.rb, which is entirely different on the jruby repo from what it
>> used to be in the jruby-openssl repo. The test is "test_load_pkey_rsa_enc".
>> The jruby repo's copy of that file doesn't even have any PEM loading tests…
>>
>> It looks like something got messed up (perhaps intentionally?) with the
>> openssl tests when they were merged to the main jruby repo
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 9, 2013 at 10:07 AM, Matt Hauck wrote:
>>
>> Sorry for no context, I have a private fork of the old jruby-openssl gem
>> (forked from 0.7.5) that we are still using internally due to some fixes
>> that hadn't yet been accepted upstream. So I merged Lars' BC 1.47 changes
>> back there and ran it against those test cases and got some failures, though
>> running test:mri19 does not indicate any failures...
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 9, 2013 at 9:52 AM, Charles Oliver Nutter wrote:
>>
>> I'm not sure what you mean by the "old" openssl gem. If you run rake
>> test:mri19 in the JRuby repo it will run the 1.9 version of the
>> OpenSSL tests with known failures excluded.
>>
>> - Charlie
>>
>> On Wed, Jan 9, 2013 at 11:12 AM, Matt Hauck <mattha...@gmail.com> wrote:
>>
>> Hmm. I don't know if all the tests are passing. It is possible I am doing
>> something wrong. I copied over the source to the old jruby openssl gem
>> (since that's the only place I knew how to run the openssl tests), and some
>> of them were failing. The biggest change i needed to get them closer to
>> passing was in Recipient#_initialize.
>>
>> How do you run the openssl tests only from the jruby repo?
>>
>> --
>> Matt Hauck
>>
>> On Wednesday, January 9, 2013 at 8:42 AM, Charles Oliver Nutter wrote:
>>
>> Excellent, Lars! I'll take a look at it and probably roll it into
>> master if it runs green. It will be *very* nice to be current on
>> Bouncy Castle.
>>
>> - Charlie
>>
>> On Wed, Jan 9, 2013 at 1:40 AM, Lars Westergren
>> <lars.westerg...@gmail.com> wrote:
>>
>> I'm far from an expert on security, so if anyone is, a quick code inspect of
>> the above commit would be appreciated! All the build tests pass now, but I
>> haven't had time to try it out on a real application.
>>
>> Regards,
>> Lars
>>
>>
>> On Wed, Jan 9, 2013 at 6:14 AM, Matt Hauck <mattha...@gmail.com> wrote:
>>
>>
>> Sweet. Perfect timing. It looks like it's pretty far along! I'm glad
>> people that know more about this stuff are already working on it. =)
>>
>> --
>> Matt Hauck
>>
>> On Tuesday, January 8, 2013 at 9:05 PM, Alex Tambellini wrote:
>>
>> The upgrade to 1.47 is already being worked on here:
>>
>>
>> https://github.com/LarsWestergren/jruby/commit/c9f36d616bebe5a96c93908469d974c64de314fe
>>
>> On Jan 8, 2013, at 11:10 PM, Matt Hauck <mattha...@gmail.com> wrote:
>>
>> I am glad to hear that I will at least be able to upgrade to jruby 1.7.2
>> and replace out the built-in openssl support in case I need to make a fork
>> with this bouncy castle 1.47 support. I've got it compiling now with the
>> updated BC now, and am beginning to work through some more the more
>> difficult changes. The biggest has to do with deprecating X509Name in favor
>> of X500Name and the various implications of this.
>>
>> --
>> Matt Hauck
>>
>> On Tuesday, January 8, 2013 at 8:00 PM, Matt Hauck wrote:
>>
>> Sadly not so. If you try replacing the bc*.jar files in build_lib with
>> bcprov and bcpkik 1.47 versions you will find the build fails with 100
>> errors.
>>
>> --
>> Matt Hauck
>>
>> On Tuesday, January 8, 2013 at 7:01 PM, kristian wrote:
>>
>> Jruby 1.7.x comes with openssl bundled. I think from version 1.7.1 onwards
>> bouncy castle gets a java package rewrite and is used only internally for
>> openssl. So you are free to add any version of bouncy castle as needed by
>> your application - just do not add the jruby-openssl since this will pull in
>> the old version.
>>
>> Kristian
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>> http://xircles.codehaus.org/manage_email
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>> http://xircles.codehaus.org/manage_email
>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>> http://xircles.codehaus.org/manage_email
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>> http://xircles.codehaus.org/manage_email
>>
>>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply via email to