PrestoXen / openopera-issues

Issue tracker for OpenOpera
26 stars 0 forks source link

Upgrade OpenSSL version from 1.0.0g #6

Open PrestoXen opened 7 years ago

PrestoXen commented 7 years ago

The OpenSSL in here is pretty ancient, and doesn't support the GCM cipher used in 12.18.

Unfortunately we can't just do an in-place upgrade since they've customized the code for it a little, but with some work it could probably be upgraded to 1.0.2j.

Not sure if just upgrading OpenSSL will get GCM working though, probably need to add some glue code in the actual Opera src somewhere for it to use it.

PrestoXen commented 7 years ago

Like someone on /g/ just mentioned it might be worth using LibreSSL instead, although the codebase for that is a lot different to OpenSSL IIRC so merging the Opera changes into it might be a bit of a hassle.

Also not sure if they have API compatible 1.0.x releases or not, if not it'd probably take some work to get Opera to work with it (probably wouldn't be much more difficult than the API changes needed for OpenSSL 1.0.2 though)

TCH68k commented 7 years ago

There is a guy who made a patch which updates the OpenSSL to 1.0.0q. Entry is here: http://gabucino.hu/archive.htm#2017-04-25-16:37:36 And the patch is here: http://data.gabucino.hu/openssl-1.0.0q-opera.diff

Would that solve the problem? Just asking.

Zero3K commented 4 years ago

Any news regarding this issue?

TCH68k commented 4 years ago

Hey, some guy created OpenSSL 1.0.0q, 1.0.0t, 1.0.1u and 1.0.2l patches for Opera: https://github.com/rw3r45/opssl-patches

Zero3K commented 4 years ago

Those patches are out-of-date and don't integrate fully with the browser (most secure sites still don't work even after applying one of them).

TCH68k commented 4 years ago

Well, if it fixes the error 40-es on most sites, then it's better than nothing.

Zero3K commented 4 years ago

I don't think they do.

TCH68k commented 4 years ago

The readme says otherwise. Needs testing.

Zero3K commented 4 years ago

I think they did do what is stated in the readme.