On Apr 28, 2012 1:00 PM, "Nick Sieger" <nicksie...@gmail.com> wrote: > Yeah, as a stopgap we could still compile against BC but just blow up if the jars are not available, and they could work again simply by "gem install bouncy-castle-java". > > /Nick
Yeah I have been thinking the same thing, probably using a post-install hook to permanently instal BC into the JRuby lib or stuff them into jruby.jar. Logistically that has its own challenges, of course, like getting warbled/jarred apps to know they need to pull in the BC jar contents. But it could be done. -Charlie > > > > At the moment, I believe I have the "builtin" version ready to go and > > will merge it to master as a single squashed commit (for ease of > > reversion if we decide to back off from this). It passes nearly all > > openssl Ruby tests in 1.8 mode, and fails many (but seems to function > > properly) in 1.9 mode. > > > > I'll need help from openssl/crypto folks to clean up as many of the > > remaining issues as possible. > > > > - Charlie > > > > On Fri, Apr 27, 2012 at 4:50 AM, Charles Oliver Nutter > > <head...@headius.com> wrote: > >> Ok, we need to discuss this a bit. I think it's time we rolled > >> jruby-ossl (OpenSSL) directly into JRuby and maintained it there. > >> > >> There are many reasons why this will make life easier: > >> > >> * No requirement to install a gem to get SSL support, which is > >> sometimes impossible of only SSL sources are available > >> * Ability to use SSL without loading RubyGems. Less of a gain under > >> 1.9 mode, which always has RubyGems loaded. > >> * Fewer goofy issues and bug reports due to our stubbed-out versions > >> not being fully functional and sometimes not properly intercepting SSL > >> calls that need the gem. > >> > >> We originally did not include jruby-ossl in JRuby because we (and Sun, > >> at the time) were concerned about us shipping crypto -- the > >> BouncyCastle libraries as part of JRuby proper. I've done some > >> research on the exportability of BouncyCastle, and all signs > >> (including BC's site and the US government's sites on the subject) > >> seem to indicate that because BC is open-source and freely available, > >> all we need to do is notify the US government of our intention to ship > >> it as part of JRuby. So I think it's time we bit the bullet. > >> > >> I will handle contacting US gov't folks to confirm this, but in the > >> meantime I've created the builtin_ssl branch (on github/headius/jruby) > >> that folds jruby-ossl code back into JRuby proper. It appears to be > >> passing tests. > >> > >> Thoughts? Concerns? > >> > >> - Charlie > > > > --------------------------------------------------------------------- > > To unsubscribe from this list, please visit: > > > > http://xircles.codehaus.org/manage_email > > > > > > > --------------------------------------------------------------------- > To unsubscribe from this list, please visit: > > http://xircles.codehaus.org/manage_email > >
