[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14205256#comment-14205256 ] ASF GitHub Bot commented on TS-3024: Github user asfgit closed the pull request at: https://github.com/apache/trafficserver/pull/138 > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > Fix For: 5.2.0 > > Attachments: ts-3024.patch > > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14205194#comment-14205194 ] ASF subversion and git services commented on TS-3024: - Commit f1a144df2e5a3f81e3fe11187d3bcb7e8e0f44e5 in trafficserver's branch refs/heads/master from [~shinrich] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=f1a144d ] TS-3024: build with OPENSSL_NO_SSL_INTERN Add in the -DOPENSSL_NO_SSL_INTERN flag for compiling and isolate exceptions in SSLInternal.cc. This closes #138. > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > Fix For: 5.2.0 > > Attachments: ts-3024.patch > > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14204887#comment-14204887 ] ASF GitHub Bot commented on TS-3024: GitHub user shinrich opened a pull request: https://github.com/apache/trafficserver/pull/138 TS-3024 Compile with the OPENSSL_NO_SSL_INTERN flag. Move intern exceptions into SSLInternal.c. You can merge this pull request into a Git repository by running: $ git pull https://github.com/shinrich/trafficserver ts-3024 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/trafficserver/pull/138.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #138 commit 340a84d392ad9792eb20f68692f8ea2bb4e2b8b7 Author: shinrich Date: 2014-11-07T15:05:10Z TS-3024 Add in the -DOPENSSL_NO_SSL_INTERN flag for compiling and isolate exceptions in SSLInternal.cc. commit 81a66b36b3b2370a3cc85fe478efda753a4e6bde Author: shinrich Date: 2014-11-07T21:02:50Z Fix up comment > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > Fix For: 5.2.0 > > Attachments: ts-3024.patch > > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201326#comment-14201326 ] Susan Hinrichs commented on TS-3024: After IRC discussion, James and I decided on creating iocore/net/SSLInternal.cc. Hopefully we can get the SSL_set_rbio folded back into the openssl stream, but in the meantime, it is good to have a home for it. While compiling the rest of the tree, I found a reference to ssl->ctx, which was replaced with a call to SSL_get_SSL_CTX(). > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > Fix For: 5.2.0 > > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201148#comment-14201148 ] James Peach commented on TS-3024: - I think the goal of setting {{OPENSSL_NO_SSL_INTERN}} is to ensure we are not reaching into OpenSSL internals, so reaching in on purpose defeats that no matter how you wrap it. If we need the internals, we might as well just accept that until such time as there is enough upstream API to implement TS-3006. I'm wary of adding OpenSSL functions to {{lib/ts}}, since that is used everywhere, and generally should not pull in OpenSSL. > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > Fix For: 5.2.0 > > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201095#comment-14201095 ] Susan Hinrichs commented on TS-3024: To make Alan's comment above more concrete, I propose the following. In lib/ts create a TsSsl.h and TsSslExt.cc file. The .cc file will have the implementation of the extra functions we need to implement to deal with the cases where we have to reach into the openssl structure. So far this is SSL_set_rbio() They only a a version that sets both the read and write bio. Resetting the write bio to the same thing was breaking processing. The header file will include the declarations of all extra SSL functions and the standard SSL include files. We will pass -DOPENSSL_NO_SSL_INTERN to all the files during compilation. The TsSslExt.cc file will explicitly undefine it to create the extra functions. [~amc] and [~jamespeach] any comments on the file naming scheme and general approach? > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > Fix For: 5.2.0 > > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TS-3024) build with OPENSSL_NO_SSL_INTERN
[ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14103066#comment-14103066 ] Alan M. Carroll commented on TS-3024: - In general this seems reasonable but there will be some cases where it is necessary to reach in to SSL data structures. For instance, to make TS-3006 work some structure internals must be accessed. What I would suggest is adding another file, say "SSLExt.cc", which contains any and all such internal access so that (1) it alone is compiled without this flag and (2) localizes all breakage in a single place to make it easier to use different SSL implementations. > build with OPENSSL_NO_SSL_INTERN > > > Key: TS-3024 > URL: https://issues.apache.org/jira/browse/TS-3024 > Project: Traffic Server > Issue Type: Bug > Components: Build, SSL >Reporter: James Peach >Assignee: Susan Hinrichs > > I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more > robust to OpenSSL implementation changes. -- This message was sent by Atlassian JIRA (v6.2#6252)