sourcey / libsourcey

C++14 evented IO libraries for high performance networking and media based applications
https://sourcey.com/libsourcey
GNU Lesser General Public License v2.1

Open SSL v 1.1 support #204

Open svmakarov opened 6 years ago

svmakarov commented 6 years ago

Hello.

I am investigating the libsourcey library for my project. I'm trying to build libsourcey on my Linux machine.

And I have a problem with the src/crypto/src/hash.cpp file. I have the latest version of the OpenSSL lib on my computer (v 1.1). And it seems that src/crypto/src/hash.cpp can work only with the previous version of OpenSSL (v 1.0.2). But I have found commented code in hash.cpp that allows it to work with OpenSSL v.1.1 (it was committed 01/20/2017 03:01 "Update crypto to support latest OpenSSL API").

So, the question is: do I have any way today to work with OpenSSL 1.1? Can I just uncomment the OpenSSL 1.1 support? Are you going to add support for OpenSSL 1.1 in the near future, or is the best way to use OpenSSL 1.0.2 with the libsourcey library?

auscaster commented 6 years ago

Unfortunately support for 1.1 is only partial at this time, and there is still some work to be done to fully support 1.1.

1.0.2 is still the go-to for Linux packages as well as the API used by BoringSSL, which we also support, so please stick with that for now.

On 29 November 2017 at 07:05, svmakarov notifications@github.com wrote:

> Hello.
>
> I am investigating the libsourcey library for my project. I'm trying to build libsourcey on my Linux machine.
>
> And I have a problem with the src/crypto/src/hash.cpp file. I have the latest version of the OpenSSL lib on my computer (v 1.1). And it seems that src/crypto/src/hash.cpp can work only with the previous version of OpenSSL (v 1.0.2). But I have found commented code in hash.cpp that allows it to work with OpenSSL v.1.1 (it was committed 01/20/2017 03:01 "Update crypto to support latest OpenSSL API").
>
> So, the question is: do I have any way today to work with OpenSSL 1.1? Can I just uncomment the OpenSSL 1.1 support? Are you going to add support for OpenSSL 1.1 in the near future, or is the best way to use OpenSSL 1.0.2 with the libsourcey library?


svmakarov commented 6 years ago

Thanks for the quick answer. I have one more question regarding SSL. Is it possible to make a Secured Web Socket (wss://) server with libsourcey? If yes, is there any example of how to do a Secured Web Socket server (wss://)?

And regarding the implementation of SSL 1.1, do you have plans for this task? Is it going to be done in the next month, next half year, next year, or are there no plans for it?

auscaster commented 6 years ago

Yes, the HTTP server handles websocket connections (including wss) by default, just raise a server as per src/http/samples/httpechoserver/httpechoserver.h.

I honestly don't have plans at this point, but once SSL 1.1 becomes the standard for Linux packages (or BoringSSL updates their API) I will update the code.

On 29 November 2017 at 12:17, svmakarov notifications@github.com wrote:

> Thanks for the quick answer. I have one more question regarding SSL. Is it possible to make a Secured Web Socket (wss://) server with libsourcey? If yes, is there any example of how to do a Secured Web Socket server (wss://)?
>
> And regarding the implementation of SSL 1.1, do you have plans for this task? Is it going to be done in the next month, next half year, next year, or are there no plans for it?


svmakarov commented 6 years ago

I'm trying to run the default example (libsourcey/src/http/samples/httpechoserver/httpechoserver.cpp; I have inserted the code below the message).

Then I go to the address http://127.0.0.1:1337 and it opens correctly. If I try to open https://127.0.0.1:1337 in the browser then I get a "This site can’t be reached" message. Also, if I try to connect to ws://127.0.0.1:1337 from JavaScript it works correctly. But I can't connect to wss://127.0.0.1:1337.

I'm trying to uncomment the following strings with SSLManager initialization in httpechoserver.cpp, but there is still no result:

```cpp
// net::SSLManager::initNoVerifyServer();
// net::SSLManager::instance().shutdown();
```

Could you please explain where I'm wrong? Maybe I should do some specific initialization, or specify a different port for SSL in some way, or anything else?

```cpp
int main(int argc, char** argv)
{
    // NOTE: For best performance the HTTP server should be compiled on
    // Linux kernel 3.9 or newer in RELEASE mode with ENABLE_LOGGING=OFF
#ifdef SCY_UNIX
    int ncores = std::thread::hardware_concurrency();
    // std::cout << "threadpool size: " << ncores << std::endl;
    setenv("UV_THREADPOOL_SIZE", std::to_string(ncores).c_str(), 1);
#endif

    // Logger::instance().add(new ConsoleChannel("debug", Level::Trace));
    // Logger::instance().setWriter(new AsyncLogWriter);
    // net::SSLManager::initNoVerifyServer();
    {
        raiseBenchmarkServer();
        // runMulticoreBenchmarkServers();
        // runMulticoreEchoServers();
        // rlibuv::raiseBenchmarkServer();

        // #if SCY_HAS_KERNEL_SOCKET_LOAD_BALANCING
        //     runMulticoreBenchmarkServers();
        // #else
        //     raiseBenchmarkServer();
        // #endif
    }
    // net::SSLManager::instance().shutdown();
    Logger::destroy();
    return 0;
}
```

svmakarov commented 6 years ago

I can initialize the Server with an SSL socket, then I can access it by https:// and wss://. But in this case, when I try to access the server with http:// or ws://, it crashes on handshake. I still can't understand what the right way to use SSL is.

```cpp
uint16_t port = 1337;
net::Address addr("0.0.0.0", port);

auto loop = uv::createLoop();

auto sslContext = std::shared_ptr<net::SSLContext>(new net::SSLContext(
    net::SSLContext::SERVER_USE,
    (std::string(SCY_SOURCE_DIR) + "/net/tests/key.pem"),
    (std::string(SCY_SOURCE_DIR) + "/net/tests/cert.pem"),
    "", net::SSLContext::VERIFY_NONE, 9, false,
    "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"));

auto sslSocket = std::make_shared<net::SSLSocket>(sslContext, loop);

http::Server srv(addr, sslSocket);
srv.start();
```

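
Added example, not part of the thread and not libsourcey code: a listener wrapped in a TLS socket expects every connection to open with a TLS ClientHello record, so a plaintext http:// or ws:// request arriving on that port cannot complete a handshake. The sketch below classifies the first bytes of a connection from the TLS record header layout; the names `FirstBytes` and `classifyFirstBytes` are hypothetical and the sample inputs are constructed.

```cpp
// Added example: not libsourcey code. Names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

enum class FirstBytes { NeedMore, TlsClientHello, PlainHttp, Unknown };

// TLS record header: content type (1), version (2), length (2); the
// handshake message that follows starts with its own type byte.
FirstBytes classifyFirstBytes(const uint8_t* p, size_t n)
{
    if (n == 0)
        return FirstBytes::NeedMore;
    if (p[0] == 0x16) { // content type 22 = handshake
        if (n < 6)
            return FirstBytes::NeedMore; // record header + message type
        const bool versionOk = p[1] == 0x03 && p[2] <= 0x04;
        const size_t len = (static_cast<size_t>(p[3]) << 8) | p[4];
        // Plaintext records carry at most 2^14 bytes; a handshake header is 4.
        if (versionOk && len >= 4 && len <= 16384 && p[5] == 0x01)
            return FirstBytes::TlsClientHello; // handshake type 1
        return FirstBytes::Unknown;
    }
    // Plaintext HTTP/1.x, including a ws:// upgrade, starts with a method token.
    static const char* const kMethods[] = {"GET ", "POST ", "HEAD ", "PUT ",
                                           "DELETE ", "OPTIONS ", "PATCH "};
    for (const char* m : kMethods) {
        const size_t mlen = std::strlen(m);
        const size_t cmp = n < mlen ? n : mlen;
        if (std::memcmp(p, m, cmp) == 0)
            return n < mlen ? FirstBytes::NeedMore : FirstBytes::PlainHttp;
    }
    return FirstBytes::Unknown;
}

int main()
{
    // Constructed samples: start of a ClientHello record and of an HTTP request.
    const uint8_t hello[] = {0x16, 0x03, 0x01, 0x00, 0xc8, 0x01, 0x00, 0x00, 0xc4};
    const char* get = "GET / HTTP/1.1\r\nHost: 127.0.0.1:1337\r\n\r\n";
    std::printf("tls sample:  %d\n", static_cast<int>(classifyFirstBytes(hello, sizeof hello)));
    std::printf("http sample: %d\n", static_cast<int>(classifyFirstBytes(
        reinterpret_cast<const uint8_t*>(get), std::strlen(get))));
    return 0;
}
```

On a TLS-only listener, any result other than `TlsClientHello` can be logged and the connection closed before it reaches the handshake code.
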
jradxl commented 6 years ago

Any update on this, i.e., when will you support OpenSSL 1.1.0f? Trying to build on Debian 9. Or can I work around this somehow?

auscaster commented 6 years ago

Not yet sorry, if someone has the time it would be a big help 👍