Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-28 Thread Matt Caswell



On 28/01/2019 21:18, Kurt Roeckx wrote:
> On Mon, Jan 28, 2019 at 03:38:50PM +, Matt Caswell wrote:
>>
>>
>> On 24/01/2019 18:12, Sam Roberts wrote:
>>> The other changes that TLS1.3 requires, multiple session tickets, a
>>> few new APIs to replace some of the SSL_renegotiate use-cases, etc.,
>>> all are pretty routine. We could get TLS1.3 support in Node.js fairly
>>> quickly if the info callback issue was solved openssl side. I'm even
>>> happy to help work on it if that's an issue, it would be more
>>> productive than what I've been trying to do in Node.js.
>>
>> In case anyone missed it I opened a PR for this over the weekend:
>>
>> https://github.com/openssl/openssl/pull/8096
>>
>> I'm leaving it there for a day or two for people to comment. Assuming no major
>> issues are identified I'll raise an OMC vote for it.
> 
> Can I suggest you just describe what the patch does, and call a
> vote on that?

Sure. I'll post the proposed text for comment before I call the vote anyway.

Matt
___
openssl-project mailing list
openssl-project@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-project


Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-28 Thread Kurt Roeckx
On Mon, Jan 28, 2019 at 03:38:50PM +, Matt Caswell wrote:
> 
> 
> On 24/01/2019 18:12, Sam Roberts wrote:
> > The other changes that TLS1.3 requires, multiple session tickets, a
> > few new APIs to replace some of the SSL_renegotiate use-cases, etc.,
> > all are pretty routine. We could get TLS1.3 support in Node.js fairly
> > quickly if the info callback issue was solved openssl side. I'm even
> > happy to help work on it if that's an issue, it would be more
> > productive than what I've been trying to do in Node.js.
> 
> In case anyone missed it I opened a PR for this over the weekend:
> 
> https://github.com/openssl/openssl/pull/8096
> 
> I'm leaving it there for a day or two for people to comment. Assuming no major
> issues are identified I'll raise an OMC vote for it.

Can I suggest you just describe what the patch does, and call a
vote on that?


Kurt



Re: [openssl-project] inline functions

2019-01-28 Thread Benjamin Kaduk
On Mon, Jan 28, 2019 at 07:10:55AM +0100, Richard Levitte wrote:
> On Mon, 28 Jan 2019 06:17:35 +0100,
> Dr Paul Dale wrote:
> > Richard wrote:
> > 
> > Not really, since they are static inline. This is by design, that for any file you want to use
> > a safestack in, you just start with a DEFINE_ line. The mistake we did was to leave a few
> > common ones in the safestack header file. (same thing for lhash)
> > 
> > Which means we’ve a compatibility issue.  The functions are in a public header, they can be used
> > by any application.  We need to continue supporting such use.
> > Asking a user to add a DEFINE_ line is API breaking.
> > 
> > I would be pro making such a change but we’d need to accept the consequences.
> 
> We have to accept consequences either way, either:
> 
> 1. the surprise breakage if someone includes  but
>    doesn't link with libcrypto, while compiling with
>    -fkeep-inline-functions (explicitly or implicitly, depending on the
>    compiler)

This one is only "surprising and new" the first time a user/project tries
to turn on -fkeep-inline-functions.

> 2. The controlled and documented change / breakage that they will have
>    to either add those DEFINE lines where they need the functionality,
>    or include another header file with common stack / lhash type
>    implementations (with the caveat that they MUST link with libcrypto
>    if they use those headers)

This one is "surprising and new" to everyone using the stuff (i.e., more
people).

-Ben

Re: [openssl-project] [TLS] Yet more TLS 1.3 deployment updates

2019-01-28 Thread Matt Caswell



On 24/01/2019 18:12, Sam Roberts wrote:
> The other changes that TLS1.3 requires, multiple session tickets, a
> few new APIs to replace some of the SSL_renegotiate use-cases, etc.,
> all are pretty routine. We could get TLS1.3 support in Node.js fairly
> quickly if the info callback issue was solved openssl side. I'm even
> happy to help work on it if that's an issue, it would be more
> productive than what I've been trying to do in Node.js.

In case anyone missed it I opened a PR for this over the weekend:

https://github.com/openssl/openssl/pull/8096

I'm leaving it there for a day or two for people to comment. Assuming no major
issues are identified I'll raise an OMC vote for it.

Matt
