You are viewing a plain text version of this content. The canonical link for it is here.

Posted to legal-discuss@apache.org by "Uwe Schindler (JIRA)" <ji...@apache.org> on 2018/11/28 10:55:00 UTC

[jira] [Created] (LEGAL-425) Usage of Conscyrpt JAR file in Solr distribution

Uwe Schindler created LEGAL-425:
-----------------------------------

             Summary: Usage of Conscyrpt JAR file in Solr distribution
                 Key: LEGAL-425
                 URL: https://issues.apache.org/jira/browse/LEGAL-425
             Project: Legal Discuss
          Issue Type: Question
            Reporter: Uwe Schindler


Apache Solr still has Java 8 as a minimum requirement. To provide HTTP/2 support in the distribution with TLS, the bundled Jetty Server and Jetty Client (for SolrJ) has to be configured to use the Google Conscrypt library (see [https://github.com/google/conscrypt]) and enable it on startup.

The Conscrypt library itsself is Apache License 2. But its binary JAR file contains native code from BoringSSL, a fork of OpenSSL. As the status of licenses in OpenSSL and especially in BoringSSL, we are not sure how to handle that. Our own code only links against ASF2 licensed code (Conscrypt), so the Source.ZIP files of Lucene/Solr are perfectly fine, but the binary distribution would ship with the JAR file that contains the ASF2 licensed library that ships with some binary .so/.dll blobs inside).

The Jetty webserver does not bundle Conscrypt and only allows the user to enable HTTP2 if the user manually downloads conscrypt (see [https://www.eclipse.org/jetty/documentation/9.4.x/jetty-ssl-distribution.html#jetty-conscrypt-distribution]).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org