[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14204887#comment-14204887
]
ASF GitHub Bot commented on TS-3024:
GitHub user shinrich opened a pull request:
https://github.com/apache/trafficserver/pull/138
TS-3024
Compile with the OPENSSL_NO_SSL_INTERN flag. Move intern exceptions into
SSLInternal.c.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/shinrich/trafficserver ts-3024
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/138.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #138
commit 340a84d392ad9792eb20f68692f8ea2bb4e2b8b7
Author: shinrich shinr...@network-geographics.com
Date: 2014-11-07T15:05:10Z
TS-3024 Add in the -DOPENSSL_NO_SSL_INTERN flag for compiling and isolate
exceptions in SSLInternal.cc.
commit 81a66b36b3b2370a3cc85fe478efda753a4e6bde
Author: shinrich shinr...@network-geographics.com
Date: 2014-11-07T21:02:50Z
Fix up comment
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
Fix For: 5.2.0
Attachments: ts-3024.patch
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14205194#comment-14205194
]
ASF subversion and git services commented on TS-3024:
-
Commit f1a144df2e5a3f81e3fe11187d3bcb7e8e0f44e5 in trafficserver's branch
refs/heads/master from [~shinrich]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=f1a144d ]
TS-3024: build with OPENSSL_NO_SSL_INTERN
Add in the -DOPENSSL_NO_SSL_INTERN flag for compiling and isolate
exceptions in SSLInternal.cc. This closes #138.
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
Fix For: 5.2.0
Attachments: ts-3024.patch
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14205256#comment-14205256
]
ASF GitHub Bot commented on TS-3024:
Github user asfgit closed the pull request at:
https://github.com/apache/trafficserver/pull/138
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
Fix For: 5.2.0
Attachments: ts-3024.patch
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14201095#comment-14201095
]
Susan Hinrichs commented on TS-3024:
To make Alan's comment above more concrete, I propose the following. In lib/ts
create a TsSsl.h and TsSslExt.cc file. The .cc file will have the
implementation of the extra functions we need to implement to deal with the
cases where we have to reach into the openssl structure. So far this is
SSL_set_rbio()
They only a a version that sets both the read and write bio. Resetting the
write bio to the same thing was breaking processing.
The header file will include the declarations of all extra SSL functions and
the standard SSL include files.
We will pass -DOPENSSL_NO_SSL_INTERN to all the files during compilation. The
TsSslExt.cc file will explicitly undefine it to create the extra functions.
[~amc] and [~jamespeach] any comments on the file naming scheme and general
approach?
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
Fix For: 5.2.0
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14201148#comment-14201148
]
James Peach commented on TS-3024:
-
I think the goal of setting {{OPENSSL_NO_SSL_INTERN}} is to ensure we are not
reaching into OpenSSL internals, so reaching in on purpose defeats that no
matter how you wrap it. If we need the internals, we might as well just accept
that until such time as there is enough upstream API to implement TS-3006.
I'm wary of adding OpenSSL functions to {{lib/ts}}, since that is used
everywhere, and generally should not pull in OpenSSL.
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
Fix For: 5.2.0
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14201326#comment-14201326
]
Susan Hinrichs commented on TS-3024:
After IRC discussion, James and I decided on creating
iocore/net/SSLInternal.cc. Hopefully we can get the SSL_set_rbio folded back
into the openssl stream, but in the meantime, it is good to have a home for it.
While compiling the rest of the tree, I found a reference to ssl-ctx, which
was replaced with a call to SSL_get_SSL_CTX().
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
Fix For: 5.2.0
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[
https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14103066#comment-14103066
]
Alan M. Carroll commented on TS-3024:
-
In general this seems reasonable but there will be some cases where it is
necessary to reach in to SSL data structures. For instance, to make TS-3006
work some structure internals must be accessed. What I would suggest is adding
another file, say SSLExt.cc, which contains any and all such internal access
so that (1) it alone is compiled without this flag and (2) localizes all
breakage in a single place to make it easier to use different SSL
implementations.
build with OPENSSL_NO_SSL_INTERN
Key: TS-3024
URL: https://issues.apache.org/jira/browse/TS-3024
Project: Traffic Server
Issue Type: Bug
Components: Build, SSL
Reporter: James Peach
Assignee: Susan Hinrichs
I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more
robust to OpenSSL implementation changes.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
