hyperledger / iroha

Iroha - A simple, enterprise-grade decentralized ledger
https://wiki.hyperledger.org/display/iroha
Apache License 2.0

[suggestion] Switch to libssl v3 on iroha v1 #4343

Open v-a-net opened 6 months ago

v-a-net commented 6 months ago

Feature request

Since LibSSL has dropped support for SSL 1.X (ref: https://www.openssl.org/source/), iroha 1 should switch from OpenSSL v1 to OpenSSL v3 in order to avoid future security issues.

Motivation

Who can help?

@6r1d @baziorek

baziorek commented 6 months ago

Thanks @v-a-net for your suggestion. I checked the file with dependencies: https://github.com/hyperledger/iroha/blob/main/vcpkg/VCPKG_DEPS_LIST and there is no OpenSSL dependency.

I also checked the installed dependencies of VCPKG and there is openssl:

./vcpkg list | grep -i ssl
libpq[openssl]:x64-linux                                            support for encrypted client connections and ran...
openssl:x64-linux                                  1.1.1k           OpenSSL is an open source project that provides ...

So it means something is using openssl with an older version. Probably it is soci -> libpq -> openssl.

To do this properly, vcpkg should be upgraded to the newest version; unfortunately, this would require fixing some SFINAE compilation errors in tests. I tried once without success, so we need a less professional way. I once tried to upgrade some dependencies: https://github.com/hyperledger/iroha/pull/3862 but upgrading all of them was not successful (one of them was soci, which uses boost), and boost is not easy to upgrade because of SFINAE problems.

The fastest way to do it: try to upgrade only openssl with path to vcpkg, and hopefully it will work.

About me: I will probably have more time after Easter, so after that I can try to upgrade openssl.
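
The manual `./vcpkg list | grep -i ssl` check from the comment above can be scripted so a build job flags a pre-3.x OpenSSL and names the ports built with the `[openssl]` feature. This is an added example, not code from the thread or from the iroha project; the function names are hypothetical and the sample listing is constructed (two rows adapted from the output above, one invented).

```shell
#!/bin/sh
# Constructed sample of `./vcpkg list` output: the libpq[openssl] and openssl
# rows are adapted from the thread, the zlib row is made up for contrast.
sample_vcpkg_list() {
cat <<'EOF'
libpq[openssl]:x64-linux                                            support for encrypted client connections
openssl:x64-linux                                  1.1.1k           OpenSSL is an open source project
zlib:x64-linux                                     1.2.11           A compression library
EOF
}

# Print the version column of the installed openssl port (empty if absent).
openssl_version() {
    awk '$1 ~ /^openssl:/ { print $2; exit }'
}

# Print each port that was built with its [openssl] feature enabled.
openssl_feature_users() {
    awk '{ split($1, p, ":")
           if (p[1] ~ /\[openssl\]$/) { sub(/\[openssl\]$/, "", p[1]); print p[1] } }'
}

# Exit 0 if the major version is below 3, 1 if it is 3 or later, 2 if unparsable.
is_pre_v3() {
    major=${1%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -lt 3 ]
}

# Read `vcpkg list` output on stdin, print a one-line verdict, exit 1 when flagged.
audit() {
    list=$(cat)
    ver=$(printf '%s\n' "$list" | openssl_version)
    [ -n "$ver" ] || { echo "openssl: not installed"; return 0; }
    rc=0; is_pre_v3 "$ver" || rc=$?
    case "$rc" in
        0) users=$(printf '%s\n' "$list" | openssl_feature_users | tr '\n' ' ')
           echo "openssl $ver: pre-3.x; ports built with [openssl]: ${users% }"
           return 1 ;;
        1) echo "openssl $ver: 3.x or later" ;;
        *) echo "openssl $ver: unrecognised version"; return 2 ;;
    esac
}

sample_vcpkg_list | audit || true
```

Against a real tree, pipe `./vcpkg list` into `audit` instead of the sample; the non-zero exit status lets a CI step fail while the old version is still installed.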