This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
[WIP: DO NOT MERGE] OpenSSL but pick up and use 1.1 where available #34729
Closed
* Don't write a separator after the empty DN
* Make T61String behave like it does on Windows (UTF-8 with a Latin-1 fallback)
* Use the managed decoder on Linux, instead of a lot of P/Invokes back into OpenSSL.

* Drop pal_asn1_print in favor of the managed code that is already used on macOS.
* Add handling of T61 strings to ManagedCertificateFinder.DerStringToManagedString.
This changes the functional code to use OpenSSL 1.1 API in the places where the API changed. "apibridge" provides equivalent methods for the OpenSSL 1.0 environment.

The following configurations have been tested:
* Non-portable against OpenSSL 1.0
* Non-portable against OpenSSL 1.1
* Portable, built against OpenSSL 1.0 and run against OpenSSL 1.0
* Portable, built against OpenSSL 1.0 and run against OpenSSL 1.1
* Portable, built against OpenSSL 1.1 and run against OpenSSL 1.0
* Portable, built against OpenSSL 1.1 and run against OpenSSL 1.1

In opensslshim, the PER_FUNCTION_BLOCK macro style has been broken up into named purposes:
* REQUIRED_FUNCTION(fn)
  * API that we use unconditionally, regardless of version
  * Formerly PER_FUNCTION_BLOCK(fn, true)
* NEW_REQUIRED_FUNCTION(fn)
  * API that we use unconditionally in paths that only exist against OpenSSL 1.1, is not probed for when the runtime is 1.0
* LIGHTUP_FUNCTION(fn)
  * API that might not exist, must be probed with API_EXISTS checks before being utilized
  * Formerly PER_FUNCTION_BLOCK(fn, false)
* FALLBACK_FUNCTION(fn)
  * API that is required on OpenSSL 1.1, and when not found will bind to a method named local_#fn in the shim library
* RENAMED_FUNCTION(fn,oldfn)
  * Handles a rename with no signature change from oldfn to newfn, binds appropriately based on the runtime library.
* LEGACY_FUNCTION(fn)
  * API that we use unconditionally in paths that only exist against OpenSSL 1.0, is not probed for when the runtime is 1.1.

Two new #defines are available, but ideally need no further usage:
* NEED_OPENSSL_1_0
  * Defined when building portable, or on non-portable when the headers are OpenSSL 1.0
* NEED_OPENSSL_1_1
  * Defined when building portable, or on non-portable when the headers are OpenSSL 1.1
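The binding rules listed in the commit message above can be modelled as a small decision function. This is an added example, not code from the pull request or from opensslshim: `bind_entry`, `has_symbol`, the result names and the two export lists are hypothetical, and the export lists are constructed stand-ins for what `dlsym()` would find in each runtime library.

```c
#include <stdio.h>
#include <string.h>

/* Binding categories named in the commit message; result names are hypothetical. */
typedef enum { REQUIRED, NEW_REQUIRED, LIGHTUP, FALLBACK, RENAMED, LEGACY } kind_t;
typedef enum { BOUND, BOUND_OLD_NAME, BOUND_LOCAL, SKIPPED, ABSENT, LOAD_ERROR } result_t;

/* Constructed export lists standing in for dlsym() on each runtime library. */
static const char *exports_10[] = { "EVP_sha256", "SSLeay", "CRYPTO_num_locks", NULL };
static const char *exports_11[] = { "EVP_sha256", "OpenSSL_version_num", "HMAC_CTX_free",
                                    "EVP_PKEY_up_ref", NULL };

static int has_symbol(int runtime_is_11, const char *name)
{
    const char **e = runtime_is_11 ? exports_11 : exports_10;
    for (; *e != NULL; e++)
        if (strcmp(*e, name) == 0) return 1;
    return 0;
}

/* Decide how one shim entry binds against the library found at run time. */
result_t bind_entry(kind_t kind, const char *fn, const char *oldfn, int runtime_is_11)
{
    switch (kind) {
    case NEW_REQUIRED:                    /* 1.1-only path: not probed on 1.0 */
        if (!runtime_is_11) return SKIPPED;
        break;
    case LEGACY:                          /* 1.0-only path: not probed on 1.1 */
        if (runtime_is_11) return SKIPPED;
        break;
    case LIGHTUP:                         /* optional: caller checks before use */
        return has_symbol(runtime_is_11, fn) ? BOUND : ABSENT;
    case FALLBACK:                        /* missing symbol: bind local_<fn> */
        return has_symbol(runtime_is_11, fn) ? BOUND : BOUND_LOCAL;
    case RENAMED:                         /* try the new name, then the old one */
        if (has_symbol(runtime_is_11, fn)) return BOUND;
        return has_symbol(runtime_is_11, oldfn) ? BOUND_OLD_NAME : LOAD_ERROR;
    case REQUIRED:
        break;
    }
    /* Anything still required here must resolve, or loading fails outright. */
    return has_symbol(runtime_is_11, fn) ? BOUND : LOAD_ERROR;
}

int main(void)
{
    printf("HMAC_CTX_free on 1.0 -> %d\n", bind_entry(FALLBACK, "HMAC_CTX_free", NULL, 0));
    printf("OpenSSL_version_num on 1.0 -> %d\n",
           bind_entry(RENAMED, "OpenSSL_version_num", "SSLeay", 0));
    return 0;
}
```

Only the LIGHTUP case may leave a pointer unbound, which is why those calls need an existence check first; every other category either resolves, is never probed, or stops the load.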
This is a leftover from before the OpenSSL 1.0/1.1 hybridization. There was no HMAC_CTX_free() in 1.0. Fixes #34210
Future releases of .NET Core prefer OpenSSL 1.1.x. For the sake of compatibility, 2.x releases should prefer 1.0.x.
…bcurl Rather than check a generic 1.0/1.1, test for the specific library version that the crypto shim has loaded. This makes things work when both libcurl and the crypto shim are using OpenSSL 1.1 and also prevents a state where two different copies of the library (at different patch versions) are utilized.
OpenSSL 1.0 and 1.1 have different messages for the errors, but the same error code. So only check the error code, not the exact error message. This is a port of dotnet#30889.
This reverts commit 60e4274. FOR TESTING ONLY. DO NOT MERGE.
omajid changed the title from "[WIP: DO NOT MERGE]" to "[WIP: DO NOT MERGE] OpenSSL but pick up and use 1.1 where available" on Jan 21, 2019
@omajid Is this PR still needed for anything?
Nope. Closing now. Thanks for reminding me.
This is #34443 but actually picks up OpenSSL 1.1 if it's installed (instead of always preferring 1.0). This PR is for testing how things look in CI. It's not meant to be reviewed or merged.
Please do not review or merge this. This is for testing #34443 only.