On Apr 28, 2012, at 10:40 AM, Charles Oliver Nutter wrote: > This does bring up a logistical issue...there are folks who will not > want to touch a JRuby distribution with BC included, so it's likely > that we'll need to provide artifacts that omit BC completely. That > means we'll still ideally want as much as possible to function when BC > is not available.
Yeah, as a stopgap we could still compile against BC but just blow up if the jars are not available, and they could work again simply by "gem install bouncy-castle-java". /Nick > > At the moment, I believe I have the "builtin" version ready to go and > will merge it to master as a single squashed commit (for ease of > reversion if we decide to back off from this). It passes nearly all > openssl Ruby tests in 1.8 mode, and fails many (but seems to function > properly) in 1.9 mode. > > I'll need help from openssl/crypto folks to clean up as many of the > remaining issues as possible. > > - Charlie > > On Fri, Apr 27, 2012 at 4:50 AM, Charles Oliver Nutter > <head...@headius.com> wrote: >> Ok, we need to discuss this a bit. I think it's time we rolled >> jruby-ossl (OpenSSL) directly into JRuby and maintained it there. >> >> There are many reasons why this will make life easier: >> >> * No requirement to install a gem to get SSL support, which is >> sometimes impossible of only SSL sources are available >> * Ability to use SSL without loading RubyGems. Less of a gain under >> 1.9 mode, which always has RubyGems loaded. >> * Fewer goofy issues and bug reports due to our stubbed-out versions >> not being fully functional and sometimes not properly intercepting SSL >> calls that need the gem. >> >> We originally did not include jruby-ossl in JRuby because we (and Sun, >> at the time) were concerned about us shipping crypto -- the >> BouncyCastle libraries as part of JRuby proper. I've done some >> research on the exportability of BouncyCastle, and all signs >> (including BC's site and the US government's sites on the subject) >> seem to indicate that because BC is open-source and freely available, >> all we need to do is notify the US government of our intention to ship >> it as part of JRuby. So I think it's time we bit the bullet. >> >> I will handle contacting US gov't folks to confirm this, but in the >> meantime I've created the builtin_ssl branch (on github/headius/jruby) >> that folds jruby-ossl code back into JRuby proper. It appears to be >> passing tests. >> >> Thoughts? Concerns? >> >> - Charlie > > --------------------------------------------------------------------- > To unsubscribe from this list, please visit: > > http://xircles.codehaus.org/manage_email > > --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
