Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates
On 28/01/2019 21:18, Kurt Roeckx wrote:
> On Mon, Jan 28, 2019 at 03:38:50PM +, Matt Caswell wrote:
>>
>>
>> On 24/01/2019 18:12, Sam Roberts wrote:
>>> The other changes that TLS1.3 requires, multiple session tickets, a
>>> few new APIs to replace some of the SSL_renegotiate use-cases, etc.,
>>> all are pretty routine. We could get TLS1.3 support in Node.js fairly
>>> quickly if the info callback issue was solved openssl side. I'm even
>>> happy to help work on it if that's an issue, it would be more
>>> productive than what I've been trying to do in Node.js.
>>
>> In case anyone missed it I opened a PR for this over the weekend:
>>
>> https://github.com/openssl/openssl/pull/8096
>>
>> I'm leaving it there for a day or two for people to comment. Assuming no major
>> issues are identified I'll raise an OMC vote for it.
>
> Can I suggest you just describe what the patch does, and call a
> vote on that?

Sure. I'll post the proposed text for comment before I call the vote anyway.

Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project
Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates
On Mon, Jan 28, 2019 at 03:38:50PM +, Matt Caswell wrote:
>
>
> On 24/01/2019 18:12, Sam Roberts wrote:
> > The other changes that TLS1.3 requires, multiple session tickets, a
> > few new APIs to replace some of the SSL_renegotiate use-cases, etc.,
> > all are pretty routine. We could get TLS1.3 support in Node.js fairly
> > quickly if the info callback issue was solved openssl side. I'm even
> > happy to help work on it if that's an issue, it would be more
> > productive than what I've been trying to do in Node.js.
>
> In case anyone missed it I opened a PR for this over the weekend:
>
> https://github.com/openssl/openssl/pull/8096
>
> I'm leaving it there for a day or two for people to comment. Assuming no major
> issues are identified I'll raise an OMC vote for it.

Can I suggest you just describe what the patch does, and call a
vote on that?

Kurt
Re: [openssl-project] inline functions
On Mon, Jan 28, 2019 at 07:10:55AM +0100, Richard Levitte wrote:
> On Mon, 28 Jan 2019 06:17:35 +0100,
> Dr Paul Dale wrote:
> > Richard wrote:
> >
> >     Not really, since they are static inline. This is by design, that for
> >     any file you want to use a safestack in, you just start with a
> >     DEFINE_ line. The mistake we did was to leave a few common ones in
> >     the safestack header file. (same thing for lhash)
> >
> > Which means we’ve a compatibility issue. The functions are in a public
> > header, they can be used by any application. We need to continue
> > supporting such use.
> > Asking a user to add a DEFINE_ line is API breaking.
> >
> > I would be pro making such a change but we’d need to accept the
> > consequences.
>
> We have to accept consequences either way, either:
>
> 1. the surprise breakage if someone includes but
>    doesn't link with libcrypto, while compiling with
>    -fkeep-inline-functions (explicitly or implicitly, depending on the
>    compiler)

This one is only "surprising and new" the first time a user/project tries
to turn on -fkeep-inline-functions.

> 2. The controlled and documented change / breakage that they will have
>    to either add those DEFINE lines where they need the functionality,
>    or include another header file with common stack / lhash type
>    implementations (with the caveat that they MUST link with libcrypto
>    if they use those headers)

This one is "surprising and new" to everyone using the stuff (i.e., more
people).

-Ben
Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates
On 24/01/2019 18:12, Sam Roberts wrote:
> The other changes that TLS1.3 requires, multiple session tickets, a
> few new APIs to replace some of the SSL_renegotiate use-cases, etc.,
> all are pretty routine. We could get TLS1.3 support in Node.js fairly
> quickly if the info callback issue was solved openssl side. I'm even
> happy to help work on it if that's an issue, it would be more
> productive than what I've been trying to do in Node.js.

In case anyone missed it I opened a PR for this over the weekend:

https://github.com/openssl/openssl/pull/8096

I'm leaving it there for a day or two for people to comment. Assuming no major
issues are identified I'll raise an OMC vote for it.

Matt