Improve OpenSSL library version detection #938
No reviewers
Labels
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
No Milestone
No project
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Bitmessage/PyBitmessage-2024-11-28#938
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "v0.6-openssl-compat-signed"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
PyBitmessage depends on OpenSSL 1.0 but some GNU/Linux systems have
multiple versions installed. Try to locate the correct version.
https://bitmessage.org/forum/index.php/topic,5280.msg11431.html
I don't see anything obviously wrong with it, give me a couple days for a closer code review and testing.
@PeterSurda perhaps you should check the landscape.io integration because landscape does highlight an obvious issue which looks like a showstopper on Windows.
Landscape.io Code Review for Pull Request #938
Edit: It seems only Landscapes successes are showing up. There should be brown dots when a check is pending and red X's if there are issues with a commit/pull request. This is possibly a configuration issue as these indicators appear on other repositories that use Landscape.
@wfr that was fast. I don't see any other issues preventing this being accepted as it is.
Wouldn't it be better to support both 1.0.x and 1.1.0? If
SSLeay_version
fails, tryOpenSSL_version
and analogously withSSLeay
->OpenSSL_version_num
. Or did something else change in 1.1.0? I don't have a suitable VM available now, can you test it?src/bitmessageqt/support.py
would also have to be changed analogously.So I checked it with Debian testing. It looks like there are more changed in OpenSSL 1.1.0 that make pyelliptic incompatible:
ECDH_OpenSSL
->EC_KEY_OpenSSL
ECDH_set_method
->EC_KEY_set_method
EVP_CIPHER_CTX_cleanup
->EVP_CIPHER_CTX_reset
EVP_MD_CTX_create
->EVP_MD_CTX_new
EVP_MD_CTX_init
->EVP_MD_CTX_reset
EVP_MD_CTX_destroy
->EVP_MD_CTX_free
Just renaming these looks sufficient. The problem is:
EVP_ecdsa
was deprecated and the relevant code needs to be rewritten to use the'ecdsa-with-SHA1'
method manually.Anyone would like to fix that?
So I tested it and other than the singing / signature verification it seems to work. If someone could fix that, that would be great.
Well, good news,
EVP_ecdsa
can be replaced withEVP_sha1
. I tried it and it works both for signing and verification. So I'll provide my own patch instead and you can keep using OpenSSL 1.1.x.