Hi Martijn,
Doh! I was looking at the netty-tcnative-openssl-static module, not the one
pulled in by Flink netty-tcnative-boringssl-static, which is of course
building BoringSSL not OpenSSL. So the legal issue stands.
Maybe there's a possibility to offer netty-tcnative-openssl-static as an
option, but it is not published by the netty project [1], Flink would have
to build it and take on that pain. Where the netty boringssl artefact will
be more battle tested by the wider community. Sounds like more
risk/maintenance than the current solution.
Thanks,
Rob
1. https://github.com/netty/netty-tcnative/issues/226
On Wed, Jul 10, 2024 at 7:24 PM Martijn Visser
wrote:
> Hi Rob,
>
> While Netty TCNative has upgraded to Openssl 3, there are still references
> to BoringSSL [1]. Do you know if TCNative still uses BoringSSL as well in
> this version?
>
> Best regards,
>
> Martijn
>
> [1]
>
> https://github.com/netty/netty-tcnative/blob/netty-tcnative-parent-2.0.62.Final/license/LICENSE.boringssl.txt
>
> On Wed, Jul 10, 2024 at 3:54 AM Robert Young
> wrote:
>
> > Hi,
> >
> > I see in flink-shaded main we depend
> > on 2.0.62.Final and we
> > currently avoid building/distributing flink-shaded-netty-tcnative-static
> > due to legal issues
> >
> > > This module is excluded by default since it is not compliant with the
> > apache license. https://issues.apache.org/jira/browse/LEGAL-393
> >
> > netty-tcnative 2.0.62.Final upgraded openssl to 3.1.2 [1]
> >
> > Openssl 3 introduced a license change to apache 2 [2] so I wondered if
> it's
> > now okay to build/deploy flink-shaded-netty-tcnative-static? Then we
> could
> > avoid having to build the static lib in the flink core end-to-end tests
> [3]
> > and include it in the flink binary distribution for users to access.
> >
> > 1.
> >
> >
> https://github.com/netty/netty-tcnative/blob/d70e48a56c4aaa8df86a7de2e275e51aa0cc43a1/pom.xml#L97
> > 2. https://www.openssl.org/docs/man3.0/man7/migration_guide.html
> > 3.
> >
> >
> https://github.com/apache/flink/blob/4e86d98437480377973f66600c2d5bda907589d6/flink-end-to-end-tests/test-scripts/common_ssl.sh#L82
> >
> > Thanks,
> > Rob Young
> >
>