Upgrade to OpenSSL-1.0.2 #589
I started porting yesterday. The import is pretty simple but since I can't find any traces of google incorporating 1.0.2, the gyp-file needs work. I haven't even started looking at
@jbergstroem cool! Just FYI, this .gyp file is barely related to the one that was done by Google team. The comment above it is mostly a legacy thing, we rewrote it a couple of times.
I missed this issue. Yes, I'm working on it. The current branch of openssl-1.0.2 supports only Linux and MacOS and I will do work on Windows next, but I don't have an arm environment for development and tests. I hope someone helps it.
@shigeki just wanted people visiting that issue to check your work out. I'm doing some testing on FreeBSD at the moment.
@shigeki need any help on this? I'd like to ship it as soon as possible ;)
@indutny asm was done for x64 in linux and macos. I will work windows today but I don't have arm and others. ALPN has already been done based on Node-0.11 as in shigeki@5d6c147 . @chrisdickinson @rvagg How can I use jenkins-iojs.nodesource.com for build testing?
@shigeki I'll try and get around to adding you today to CI, I have a list of people I need to add
@shigeki there is no need for ALPN patch, this feature is in OpenSSL-1.0.2 anyway.
@indutny This patch uses ALPN API in OpenSSL-1.0.2 and adds options.ALPNProtocols. Openssl-1.0.2 was applied to Node-v0.11 by git submodule without using gyp. I think this can be applied to io.js after upgrading openssl-1.0.2.
@shigeki aaah, I see now. You were talking about node.js support, not about patching OpenSSL itself. Good job, man. Let's move it forward! ;)
@indutny Upgrading to openssl-1.0.2 is almost done in https://github.com/shigeki/io.js/tree/WIP_upgrade_openssl102 except testing on arm. But there is a build issue of x86-win32-masm asm with using ml.exe as reported in http://rt.openssl.org/Ticket/Display.html?id=3650&user=guest&pass=guest . A patch to fix this was shown but not merged yet. And I also found in the issue tracker that openssl team strongly recommended to use nasm. There is no error when we use nasm. Upgrading of openssl cannot be finished without solving this issue, so now we have 4 options to go as
I prefer 2 or 3 for now. I've confirmed both are working well and my WIP branch above was done with 2. Then, we need to discuss if we move to use nasm in the future. Do you have any thoughts?
I'm -1 for 3 and +1 for 2.
@indutny Thanks. I continue to work on 2. I'd like to have a directory to store this kind of private patches for a third party library somewhere in iojs repository so as not to miss it in the future. I've spent some time to fix TLS tests on Windows as your patch of ab71223 was missed to be applied. @rvagg I'm waiting for my account for testing on arm. Did you already send it to me?
@shigeki I usually just use
@indutny Yes, that's the way we need now. I just think of some kinds of http://src.chromium.org/chrome/trunk/deps/third_party/openssl/patches.chromium/ but patches should be already applied as it is not a good idea to apply patches during build.
@shigeki I'm -1 for this, don't see any point in duplicating information that is already available in git tree.
@shigeki I wonder if we could actually use
@shigeki may I ask you to borrow the assembly stuff from indutny/bud@be4af45 if it works for you? (I'm in process of testing builds on various platforms)
UPDATE: It works on ia32/x86_64 OSX. Testing it on ubuntu.
UPDATE: Fixed ubuntu-ia32: indutny/bud@29c5e01
If by 'use' you mean 'gyp-ify, bundle and build', I guess that could work. It's pretty easy to build and it's license compatible (BSD.)
Yes, exactly. UPDATE: ia32/x86_64 Linux works.
UPDATE: indutny/bud@29c5e01
@indutny I've changed
I got a Rasp Pi2 last night and can work on the asm target today. I can finish it soon so let's finish #723 before upgrading.
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: #589 PR-URL: #1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
`x86masm.pl` was mistakenly using .486 instruction set, while `cpuid` (and perhaps others) require .686. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 . Fixes: nodejs#589 PR-URL: nodejs#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: #589 Backport-PR-URL: #28230 PR-URL: #1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
`x86masm.pl` was mistakenly using .486 instruction set, while `cpuid` (and perhaps others) require .686. Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
See https://mta.openssl.org/pipermail/openssl-dev/2015-February/000651.html iojs needs to stop using masm and move to nasm or yasm on Win32. Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reapply b910613 . Fixes: nodejs/node#589 PR-URL: nodejs/node#1389 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
See https://www.openssl.org/docs/ssl/SSL_CTX_set_cert_cb.html
Basically, we will be able to eliminate our hello parser and use new APIs for async OCSP/SNI and stuff like that.
cc @bnoordhuis