Charles Oliver Nutter wrote:
Charles Oliver Nutter wrote:
SSLEngine and friends are going to be a problem.

After looking a bit more, it seems like the SSL socket stuff is largely independent of BC. A new SSLContext is requested with SSLContext.getInstance("SSL"), not by specifying a specific provider with SSLContext.getInstance("SSL", "BC"). I removed the line in OpenSSLReal that registers BC and was able to connect to an https site with net/https. And as a final test, I removed BC from the jopenssl Class-Path manifest, disabled binding of all but the SSLSocket-related classes and modules, and it still worked.

So it seems like we really have two separate pieces here in JRuby-OpenSSL: one to provide all the encryption, key, cert, and so on capabilities one would need to implement one's own file or stream-based encryption logic, and a pre-built SSL socket implementation. The former is dependent on BC; the latter is not.

Ola, please jump in any time and confirm this. It seems like if we can get SSL sockets working without BC present that would be a huge way to simplify this problem in the near term while we work on making the rest of jopenssl use BC's lightweight APIs directly.

Attached is the patch I came up with to jopenssl to disable all but SSL sockets and remove BC from the classpath. Double check my work.

The script I ran is as follows:

jruby -I lib -e "require 'net/https'; require 'uri'; uri = URI.parse('https://mail.google.com/'); http = Net::HTTP.new(uri.host, uri.port); http.use_ssl = true; http.start { http.request_get(uri.path) {|res| print res.body} }"

And the output:

warning: peer certificate won't be verified in this SSL session
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://mail.google.com/mail/">here</A>.
</BODY>
</HTML>

- Charlie
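
Added example (not from the original message or from JRuby-OpenSSL): a stand-alone Java check of the provider resolution described above. It lists the registered JCA providers in preference order, shows which one an unqualified SSLContext.getInstance("SSL") resolves to, and reports whether a provider named "BC" is registered at all. The class and method names are made up for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

// Hypothetical helper class, not part of jopenssl.
public class SslContextProviderCheck {

    // Name of the provider that an unqualified lookup resolves to.
    static String resolvedProvider(String protocol) throws NoSuchAlgorithmException {
        return SSLContext.getInstance(protocol).getProvider().getName();
    }

    // True if the provider-qualified form of the lookup would succeed.
    static boolean providerOffers(String protocol, String providerName) {
        try {
            SSLContext.getInstance(protocol, providerName);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            return false; // provider not registered, or it has no such SSLContext
        }
    }

    public static void main(String[] args) throws Exception {
        String protocol = "SSL"; // the name quoted in the message

        // Providers are consulted in this order; the first one that offers
        // the SSLContext service wins the unqualified lookup.
        int position = 1;
        for (Provider p : Security.getProviders()) {
            boolean has = p.getService("SSLContext", protocol) != null;
            System.out.printf("%2d %-14s SSLContext.%s=%b%n",
                    position++, p.getName(), protocol, has);
        }

        System.out.println("unqualified lookup -> " + resolvedProvider(protocol));
        System.out.println("BC registered      -> " + (Security.getProvider("BC") != null));
        System.out.println("BC offers it       -> " + providerOffers(protocol, "BC"));
    }
}
```

Run it once with and once without the BC jar on the classpath; if the "unqualified lookup" line names the same provider both times, the SSL socket path does not go through BC.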
Index: lib/openssl.rb
===================================================================
--- lib/openssl.rb      (revision 821)
+++ lib/openssl.rb      (working copy)
@@ -16,9 +16,9 @@
 
 require 'jopenssl'
 
-require 'openssl/bn'
-require 'openssl/cipher'
-require 'openssl/digest'
+#require 'openssl/bn'
+#require 'openssl/cipher'
+#require 'openssl/digest'
 require 'openssl/ssl'
-require 'openssl/x509'
+#require 'openssl/x509'
 
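Review bot: With require 'openssl/x509' commented out while require 'openssl/ssl' stays, the only evidence that SSL still works is a run that printed "peer certificate won't be verified", so the certificate path was never exercised. Please repeat the net/https test with http.verify_mode = OpenSSL::SSL::VERIFY_PEER before treating the SSL socket layer as independent of the X509 code, and delete the requires instead of commenting them out if they are meant to go.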
Index: lib/jruby.jar
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
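Review bot: lib/jruby.jar shows up as a modified binary, which cannot be reviewed and does not look related to disabling BC. Please drop it from the patch or say why the jar changed.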
Index: src/java/org/jruby/ext/openssl/OpenSSLReal.java
===================================================================
--- src/java/org/jruby/ext/openssl/OpenSSLReal.java     (revision 821)
+++ src/java/org/jruby/ext/openssl/OpenSSLReal.java     (working copy)
@@ -36,22 +36,22 @@
  */
 public class OpenSSLReal {
     public static void createOpenSSL(Ruby runtime) {
-        java.security.Security.insertProviderAt(new 
org.bouncycastle.jce.provider.BouncyCastleProvider(),2);
+        //java.security.Security.insertProviderAt(new 
org.bouncycastle.jce.provider.BouncyCastleProvider(),2);
 
         RubyModule ossl = runtime.getOrCreateModule("OpenSSL");
         RubyClass standardError = runtime.getClass("StandardError");
         
ossl.defineClassUnder("OpenSSLError",standardError,standardError.getAllocator());
-
-        ASN1.createASN1(runtime, ossl);
-        Digest.createDigest(runtime, ossl);
-        Cipher.createCipher(runtime, ossl);
-        Random.createRandom(runtime, ossl);
-        PKey.createPKey(runtime,ossl);
-        HMAC.createHMAC(runtime,ossl);
-        X509.createX509(runtime,ossl);
-        Config.createConfig(runtime,ossl);
-        NetscapeSPKI.createNetscapeSPKI(runtime,ossl);
-        PKCS7.createPKCS7(runtime,ossl);
+//
+//        ASN1.createASN1(runtime, ossl);
+//        Digest.createDigest(runtime, ossl);
+//        Cipher.createCipher(runtime, ossl);
+//        Random.createRandom(runtime, ossl);
+//        PKey.createPKey(runtime,ossl);
+//        HMAC.createHMAC(runtime,ossl);
+//        X509.createX509(runtime,ossl);
+//        Config.createConfig(runtime,ossl);
+//        NetscapeSPKI.createNetscapeSPKI(runtime,ossl);
+//        PKCS7.createPKCS7(runtime,ossl);
         SSL.createSSL(runtime,ossl);
 
         ossl.setConstant("VERSION",runtime.newString("1.0.0"));
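Review bot: Commenting out the create* calls from ASN1.createASN1 through PKCS7.createPKCS7 leaves OpenSSL::Digest, OpenSSL::Cipher, OpenSSL::PKey, OpenSSL::X509 and the rest undefined after require 'openssl', so any caller that touches them fails with a NameError instead of a clear message. If this is meant to outlive the experiment, guard the BC-dependent block and the insertProviderAt call behind a check for whether BouncyCastle is loadable instead of leaving commented-out code, and keep SSL.createSSL unconditional.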
Index: build.xml
===================================================================
--- build.xml   (revision 821)
+++ build.xml   (working copy)
@@ -43,7 +43,7 @@
     <jar destfile="${lib.dir}/jopenssl.jar" basedir="${target.classes}">
       <manifest>
         <attribute name="Built-By" value="${user.name}"/>
-        <attribute name="Class-Path" value="${bcjars}"/>
+        <!--<attribute name="Class-Path" value="${bcjars}"/>-->
       </manifest>
     </jar>
   </target>
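Review bot: Wrapping the Class-Path attribute in an XML comment means the built jar no longer points at the BC jars even when they are installed, so the BC-backed classes will only load if BC reaches the classpath some other way once they are re-enabled. Consider making the attribute conditional on a build property so that a BC and a no-BC jar can both be produced from the same build.xml.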
