Rémy, On 11/22/21 02:00, Rémy Maucherat wrote:
I am done with the initial version of the OpenSSL with Panama module.
Fantastic.
It could be time for more testing and build releases (obviously targeting only Java 17). It should also be easy to add new features as needed since the full OpenSSL API is available and there's no hard to update subcomponent to release first. I only focused on replicating the functionality that was in tomcat-native. What would be the best way to proceed ?
What does it take to run Tomcat's unit-test suite with Panama enabled, instead of e.g. tcnative?
It might help to post an "invitation to try something out" and see if anyone gets failures you didn't get during your work.
I also updated the panama-foreign version of it since it is now stable-with-workaround, at: https://github.com/rmaucher/openssl-panama-foreign . It will eventually require whichever Java first gets the non incubator version of the API (it could be 19 or 20).
I may have asked this already: would this be expected to work with LibreSSL? I think they have a goal of binary-compatibility with OpenSSL.
Similarly, Stefan @ httpd has produced an experimental mod_tls for httpd which uses RustTLS as its underlying crypto library instead of OpenSSL. It might be interesting to see how difficult it would be to use RustTLS instead of OpenSSL, though that may require some significant changes to Tomcat's code to deal with any "philosophical" differences between the OpenSSL API and RustTLS.
I fully expect a presentation at the next ApacheCon about all the work you are doing. :)
-chris --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
