Bitmessage/PyBitmessage-2024-12-09
Archived
2
0
Fork 0
Code Issues 168 Pull Requests 53 Actions Packages Projects Releases 5 Wiki Activity

Improve OpenSSL library version detection #938

Closed
wfr wants to merge 2 commits from v0.6-openssl-compat-signed into v0.6
pull from: v0.6-openssl-compat-signed
merge into: Bitmessage:v0.6
Conversation 7 Commits 2 Files Changed 4 +80 -6
wfr commented 2017-01-10 03:45:02 +01:00 (Migrated from github.com)
Copy Link

PyBitmessage depends on OpenSSL 1.0 but some GNU/Linux systems have
multiple versions installed. Try to locate the correct version.

https://bitmessage.org/forum/index.php/topic,5280.msg11431.html

PyBitmessage depends on OpenSSL 1.0 but some GNU/Linux systems have multiple versions installed. Try to locate the correct version. https://bitmessage.org/forum/index.php/topic,5280.msg11431.html
PeterSurda commented 2017-01-10 20:55:14 +01:00 (Migrated from github.com)
Copy Link

I don't see anything obviously wrong with it, give me a couple days for a closer code review and testing.

I don't see anything obviously wrong with it, give me a couple days for a closer code review and testing.
bmng-dev commented 2017-01-11 02:27:45 +01:00 (Migrated from github.com)
Copy Link

@PeterSurda perhaps you should check the landscape.io integration because landscape does highlight an obvious issue which looks like a showstopper on Windows.

Landscape.io Code Review for Pull Request #938

Edit: It seems only Landscapes successes are showing up. There should be brown dots when a check is pending and red X's if there are issues with a commit/pull request. This is possibly a configuration issue as these indicators appear on other repositories that use Landscape.

@PeterSurda perhaps you should check the landscape.io integration because landscape does highlight an obvious issue which looks like a showstopper on Windows. [Landscape.io Code Review for Pull Request #938](https://landscape.io/github/Bitmessage/PyBitmessage/pulls/938) Edit: It seems only Landscapes successes are showing up. There should be brown dots when a check is pending and red X's if there are issues with a commit/pull request. This is possibly a configuration issue as these indicators appear on other repositories that use Landscape.
bmng-dev commented 2017-01-11 03:22:03 +01:00 (Migrated from github.com)
Copy Link

@wfr that was fast. I don't see any other issues preventing this being accepted as it is.

@wfr that was fast. I don't see any other issues preventing this being accepted as it is.
PeterSurda commented 2017-01-12 19:46:35 +01:00 (Migrated from github.com)
Copy Link

Wouldn't it be better to support both 1.0.x and 1.1.0? If SSLeay_version fails, try OpenSSL_version and analogously with SSLeay -> OpenSSL_version_num. Or did something else change in 1.1.0? I don't have a suitable VM available now, can you test it? src/bitmessageqt/support.py would also have to be changed analogously.

Wouldn't it be better to support both 1.0.x and 1.1.0? If `SSLeay_version` fails, try `OpenSSL_version` and analogously with `SSLeay` -> `OpenSSL_version_num`. Or did something else change in 1.1.0? I don't have a suitable VM available now, can you test it? `src/bitmessageqt/support.py` would also have to be changed analogously.
PeterSurda commented 2017-01-12 22:13:24 +01:00 (Migrated from github.com)
Copy Link

So I checked it with Debian testing. It looks like there are more changed in OpenSSL 1.1.0 that make pyelliptic incompatible:

  • ECDH_OpenSSL -> EC_KEY_OpenSSL
  • ECDH_set_method -> EC_KEY_set_method
  • EVP_CIPHER_CTX_cleanup -> EVP_CIPHER_CTX_reset
  • EVP_MD_CTX_create -> EVP_MD_CTX_new
  • EVP_MD_CTX_init -> EVP_MD_CTX_reset
  • EVP_MD_CTX_destroy -> EVP_MD_CTX_free

Just renaming these looks sufficient. The problem is:

  • EVP_ecdsa was deprecated and the relevant code needs to be rewritten to use the 'ecdsa-with-SHA1' method manually.

Anyone would like to fix that?

So I checked it with Debian testing. It looks like there are more changed in OpenSSL 1.1.0 that make pyelliptic incompatible: - `ECDH_OpenSSL` -> `EC_KEY_OpenSSL` - `ECDH_set_method` -> `EC_KEY_set_method` - `EVP_CIPHER_CTX_cleanup` -> `EVP_CIPHER_CTX_reset` - `EVP_MD_CTX_create` -> `EVP_MD_CTX_new` - `EVP_MD_CTX_init` -> `EVP_MD_CTX_reset` - `EVP_MD_CTX_destroy` -> `EVP_MD_CTX_free` Just renaming these looks sufficient. The problem is: - `EVP_ecdsa` was deprecated and the relevant code needs to be rewritten to use the `'ecdsa-with-SHA1'` method manually. Anyone would like to fix that?
PeterSurda commented 2017-01-12 23:30:56 +01:00 (Migrated from github.com)
Copy Link

So I tested it and other than the singing / signature verification it seems to work. If someone could fix that, that would be great.

So I tested it and other than the singing / signature verification it seems to work. If someone could fix that, that would be great.
PeterSurda commented 2017-01-13 10:11:37 +01:00 (Migrated from github.com)
Copy Link

Well, good news, EVP_ecdsa can be replaced with EVP_sha1. I tried it and it works both for signing and verification. So I'll provide my own patch instead and you can keep using OpenSSL 1.1.x.

Well, good news, `EVP_ecdsa` can be replaced with `EVP_sha1`. I tried it and it works both for signing and verification. So I'll provide my own patch instead and you can keep using OpenSSL 1.1.x.
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something isn't working as it's supposed to

  
build

Related to building or build system

  
dependencies

Pull requests that update a dependency file

  
developers

The issue is relevant mainly for developers rather than users

  
documentation

   
duplicate

   
enhancement

New feature

  
formatting

Code or UI text formatting

  
invalid

   
legal

   
mobile

Frontend for mobile devices (kivy)

  
obsolete

   
packaging

   
performance

   
protocol

Protocol change

  
question

   
refactoring

   
regression

Some issue, fixed in the past, appears again

  
security

   
test

   
translation

   
usability

   
wontfix
No Label
bug
build
dependencies
developers
documentation
duplicate
enhancement
formatting
invalid
legal
mobile
obsolete
packaging
performance
protocol
question
refactoring
regression
security
test
translation
usability
wontfix
Milestone
Clear milestone
No items
No Milestone
v0.6.2
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Bitmessage/PyBitmessage-2024-12-09#938
No description provided.
Delete Branch "v0.6-openssl-compat-signed"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?