You are viewing a plain text version of this content. The canonical link for it is here.

Posted to github@trafficserver.apache.org by GitBox <gi...@apache.org> on 2020/12/01 06:52:11 UTC

[GitHub] [trafficserver] maskit opened a new pull request #7363: Use EVP MAC API if available

maskit opened a new pull request #7363:
URL: https://github.com/apache/trafficserver/pull/7363


   HMAC_Init_ex is going to be deprecated since OpenSSL 3.0
   
   https://www.openssl.org/docs/manmaster/man3/HMAC_Init_ex.html
   https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_ticket_key_cb.html
   https://www.openssl.org/docs/manmaster/man3/EVP_MAC_CTX_set_params.html


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] maskit merged pull request #7363: Use EVP MAC API if available

Posted by GitBox <gi...@apache.org>.

maskit merged pull request #7363:
URL: https://github.com/apache/trafficserver/pull/7363


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficserver] maskit commented on pull request #7363: Use EVP MAC API if available

Posted by GitBox <gi...@apache.org>.

maskit commented on pull request #7363:
URL: https://github.com/apache/trafficserver/pull/7363#issuecomment-738471632


   Thanks for reviewing.
   
   > the point of this PR seems to be using the appropriate session ticket APIs.
   
   It depends on perspectives. The API to register a callback function for session ticket handling is changed, and I had to modify configure script to detect which API should be used. However, it was not the start point of this change.
   
   When I compiled current ATS code with the latest OpenSSL, I got an error on use of `HMAC_Init_ex` which is going to be deprecated. The suggested replacement is `EVP_MAC_CTX_set_params` that requires `EVP_MAC_CTX` instead of `HMAC_CTX`. So I looked into where `HMAC_CTX` came from, and I reached the callback registration API.
   
   `SSL_CTX_set_tlsext_ticket_key_cb` (the old one) is deprecated as well so the title could be different if I found it first, but if you look at the difference between old API and new API, the only difference is the type of context. It's not about session ticket itself.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org