You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2014/11/06 23:41:33 UTC

[jira] [Comment Edited] (TS-3024) build with OPENSSL_NO_SSL_INTERN

    [ https://issues.apache.org/jira/browse/TS-3024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14201095#comment-14201095 ] 

Susan Hinrichs edited comment on TS-3024 at 11/6/14 10:40 PM:
--------------------------------------------------------------

To make Alan's comment above more concrete, I propose the following.  In lib/ts  create a TsSsl.h and TsSslExt.cc file.  The .cc file will have the implementation of the extra functions we need to implement to deal with the cases where we have to reach into the openssl structure.  So far this is

SSL_set_rbio()

The base openssl only has a version that sets both the read and write bio.  Resetting the write bio to the same thing was breaking processing.

The header file will include the declarations of all extra SSL functions and the standard SSL include files.  

We will pass -DOPENSSL_NO_SSL_INTERN to all the files during compilation.  The TsSslExt.cc file will explicitly undefine it to create the extra functions.

[~amc] and [~jamespeach] any comments on the file naming scheme and general approach?


was (Author: shinrich):
To make Alan's comment above more concrete, I propose the following.  In lib/ts  create a TsSsl.h and TsSslExt.cc file.  The .cc file will have the implementation of the extra functions we need to implement to deal with the cases where we have to reach into the openssl structure.  So far this is

SSL_set_rbio()

They only a a version that sets both the read and write bio.  Resetting the write bio to the same thing was breaking processing.

The header file will include the declarations of all extra SSL functions and the standard SSL include files.  

We will pass -DOPENSSL_NO_SSL_INTERN to all the files during compilation.  The TsSslExt.cc file will explicitly undefine it to create the extra functions.

[~amc] and [~jamespeach] any comments on the file naming scheme and general approach?

> build with OPENSSL_NO_SSL_INTERN
> --------------------------------
>
>                 Key: TS-3024
>                 URL: https://issues.apache.org/jira/browse/TS-3024
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Build, SSL
>            Reporter: James Peach
>            Assignee: Susan Hinrichs
>             Fix For: 5.2.0
>
>
> I think we should enable {{OPENSSL_NO_SSL_INTERN}} to make ourselves more robust to OpenSSL implementation changes.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)