Closed pgroce closed 7 years ago
The new version is now on CRAN. Can you confirm that it works now?
install.packages("openssl")
I'm very sorry for the late response, but I haven't been able to get this back on my priority list for a while. I can confirm that the openssl package builds and installs successfully against libressl.
Alas, I don't think using libressl in R is as easy as just modifying this library; git2r also appears to depend on C-level openssl, and expects symbols to exist that don't seem to in libressl. Time to file another bug elsewhere, I suppose. :)
Notwithstanding that, I think this bug can be closed. If I run into any bad behavior directly related to this package, I'll let you know.
phil
On Tue, Jan 3, 2017 at 9:00 AM, Jeroen Ooms notifications@github.com wrote:
The new version is now on CRAN. Can you confirm that it works now?
install.packages("openssl")
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/jeroenooms/openssl/issues/37#issuecomment-270119839, or mute the thread https://github.com/notifications/unsubscribe-auth/ADXu6PYS0JlrfQSi6dxKmw-_uKpg8jVeks5rOlSBgaJpZM4LXVeO .
I don't know if this counts as a bug or a feature request; you be the judge. Also, I apologize for my lack of facility with R; my current role is as a systems integrator, not an end-user.
I'm trying to build openssl on an Alpine Linux system. (As part of producing a Docker image, FWIW.)
openssl
is one of the dependency packages for an R package I want to install. Alpine recently changed its default OpenSSL API provider from OpenSSL to LibreSSL. This seems to be causing problems when loading your package.I'm attaching the output of
install.packages(... keep_outputs=TRUE)
, but the crux of the problem seems to be:(The build output complains about other
*_get0_*
functions, which I haven't investigated. Being unfamiliar with the codebase, they might be problems, too.)Looking at the OpenSSL and LibreSSL source code, it seems that
RSA_get0_crt_params
is, indeed, not present in the LibreSSL codebase. LibreSSL is known to have tried to improve OpenSSL's security by removing code whose risk is deemed to exceed its usefulness; I suspectRSA_get0_crt_params
and friends are casualties of that.First, do you think I'm correct in concluding that your package isn't compatible with LibreSSL? My apologies if I'm misdiagnosing my problem.
Assuming I'm correct, have you thought about supporting LibreSSL (or at least looking into it if you haven't)? From a cursory understanding derived from researching this problem, "LibreSSL support" mostly seems to mean
Most of the things LibreSSL has disabled are problematic anyway (e.g. SSLv3). Here's an example of a project working with both libraries that I came across.
I'm going to continue trying to work around the problem, but I thought I would bring it to your attention. Thanks for your work on this package.