Repush of pull request #98 due to strawberry hickup. #100
Conversation
openssl 0.9.8 deprecated RSA_generate_key (see https://www.openssl.org/docs/man1.1.1/man3/RSA_generate_key.html) openssl 1.1.0 it is not possible anymore to generate the BN_GENCB structure directly (see https://www.openssl.org/docs/man1.1.1/man3/BN_GENCB_new.html)
|
Thanks for looking at this. I'd say we could even drop the #else part that uses RSA_generate_key(). This would mean 0.9.8 is the oldest supported version. Also, I gave this a quick spin on different LibreSSL versions and with the following modification the patches version compiles with 2.2.1 and later:
However, lets see pull request #95 about what to do with LibreSSL version checks. |
|
@chincheta0815 in your Perl RT ticket at https://rt.cpan.org/Public/Bug/Display.html?id=127593 you mention that compilation failed because of missing symbol. What system did you try compiling it? Since it works with latest OpenSSL master, it was probably something related to the system you were using. For example, OpenSSL was compiled to exclude deprecated APIs. Your patch is fine, but I thought it would be good to know how different systems are configured. |
|
The error was a "relocation error" saying that "symbol" for "RSA_generate_key_ex" was not found. The system was the latest stable OmniOSCE (Illumos). This system has transitioned to OpenSSL 1.1 by default. You can set it back to OpenSSL 1.0, but that is not the best choice. I also think that it was compiled without using deprecated API. Nevertheless, the default system packages of OmniOSCE are involved, so the patch seems reasonable (also for Android). It tried to cover everything in a general manner, using the info in the OpenSSL docs:
Also, https://www.openssl.org/docs/man1.1.1/man3/BN_GENCB_new.html states that "BN_GENCB callback;" is remove not deprecated. Hope this helps. |
|
Sorry for closing. |
Just a comment: Well, skipping the #else part might be an idea, but is this really necessary? Since it won't change a lot support old version it might be an idea. Anyways the code would be more complex. Do you wan me to change anything in my codebase and include your path or will/did you already do something? |
|
You could add the LibreSSL version checks to the line that now checks for OpenSSL 1.1.0. Then it would work with a number of LibreSSL versions too. What comes to versions older than 0.9.8, all of them are now more than 12 years old. At some point support for those versions can go. However, we can keep this patch shorter by not changing multiple things at the same time. One more thing: You mentioned that RSA_generate_key_ex was not found. I thought this is the current function and RSA_generate_key is the one that's deprecated. |
|
For the first two paragraph: For the last paragraph: |
|
The ifdefs look good now. I tested it with LibreSSL 2.2.1 up to 2.8.2 and OpenSSL master. One thing I noticed is that return value checks were not done in the old code as they should be, for example checks for BN_new() and RSA_new() are missing and late. Your code adds BN_GENCB_new() which should be checked for failure too. Could you fix this at least? |
|
Sure I can. new_cb = BN_GENCB_new(); I am a little confused by all the perl stuff. In C I would simply print "ERROR: could not allocate new_cb." If I got that I think I can easily add that for BN_new() and RSA_new() Would it be as: https://github.com/chincheta0815/p5-net-ssleay/blob/46cc1aea99d1d17920cb427b880645e5706c70b5/SSLeay.xs#L1735 |
|
Thanks for adding the checks and croaks. I added a couple of more free calls before the croaks to free what was allocated before croak is needed. |
|
Thanks. |
No description provided.