While it is not recommended to substitute OpenSSL with LibreSSL in this
early stage, I wanted to test if it is possible. And it is. There are no
functional or performance issues, as far as I can test, and building
nginx + LibreSSL is easy, once you figured out how to do it. The advantages
of using LibreSSL in the long run, from my point of view:
cleaner code
less bugs
more people involved
p.s.: please forgive those typos and bad English; I wanted to get this
out before the final final today, QA has to wait
Just a quick comment: OpenSSL’s libs under “.openssl/” isn’t a
result of OpenSSL’s behaviour, but rather a result of “make
install” nginx calls (and the “.openssl” install prefix it
instructs OpenSSL to use).
cleaner code
less bugs
more people involved
Cool.
I personally think that LibreSSL has at least one major advantage:
coding style looks much better/readable.
Just a quick comment: OpenSSL’s libs under “.openssl/” isn’t a
result of OpenSSL’s behaviour, but rather a result of “make
install” nginx calls (and the “.openssl” install prefix it
instructs OpenSSL to use).
maybe we can have a --with-libressl=/path/to/libressl
or something more generic soon? I think
libressl/boringssl are here to stay
On Mon, Jul 14, 2014 at 08:30:00AM -0400, mex wrote:
Just a quick comment: OpenSSL’s libs under “.openssl/” isn’t a
result of OpenSSL’s behaviour, but rather a result of “make
install” nginx calls (and the “.openssl” install prefix it
instructs OpenSSL to use).
maybe we can have a --with-libressl=/path/to/libressl
or something more generic soon? I think
libressl/boringssl are here to stay
Maybe, but it’s not something required - it’s just an interface
to simplify builds. And in any case we should give them some time
to stabilize.
…only with versions older than nginx-1.7.0, you need a small patch
(attached) in order to compile nginx-mainline against LibreSSL,
because LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0…
I didn’t send this patch to nginx-devel@ yet, because I’m still trying
to convince them that LibreSSL should present itself as OpenSSL-1.0.1,
in which case no changes to nginx would be necessary.
Just checked opensslv.h, and the difference in 2.0.1 from 2.0.0:
#define LIBRESSL_VERSION_NUMBER 0x20000000L
#define OPENSSL_VERSION_NUMBER 0x20000000L
They’ve added this as a way to differentiate between OpenSSL and
LibreSSL.
I don't know what happens when changing
#define OPENSSL_VERSION_NUMBER 0x10002002L
It should be the version they forked from (i.e. 0x1000107fL).
Multiple people have complained about the OPENSSL_VERSION_NUMBER
change, so hopefully they’ll change it back… If not, then we can
always apply the patch I provided.
Best regards,
Piotr S.
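
An added example, not code from the thread, nginx or LibreSSL: it decodes the version numbers quoted above using the OpenSSL 1.x 0xMNNFFPPS layout and shows why a plain `>=` check on OPENSSL_VERSION_NUMBER misfires when LibreSSL reports 2.0.0. The macro names, function names and the 1.0.2 gate value are assumptions made for illustration.

```c
#include <stdio.h>

/* Values quoted in the thread; the macro names are made up for this example. */
#define FORK_POINT_VERSION 0x1000107fUL /* OpenSSL version LibreSSL forked from */
#define LIBRESSL_REPORTED  0x20000000UL /* OPENSSL_VERSION_NUMBER in LibreSSL 2.0.x */
#define GATE_1_0_2         0x10002000UL /* assumed gate for a 1.0.2-era API */

struct ssl_version { unsigned major, minor, fix, patch, status; };

/* OpenSSL 1.x packs the version as 0xMNNFFPPS (S: 0 = dev, 0xf = release). */
struct ssl_version decode_version(unsigned long v)
{
    struct ssl_version r;
    r.major  = (v >> 28) & 0xf;
    r.minor  = (v >> 20) & 0xff;
    r.fix    = (v >> 12) & 0xff;
    r.patch  = (v >> 4) & 0xff;   /* 7 corresponds to the letter 'g' */
    r.status = v & 0xf;
    return r;
}

/* Naive gate: trusts OPENSSL_VERSION_NUMBER alone. */
int naive_gate(unsigned long openssl_ver)
{
    return openssl_ver >= GATE_1_0_2;
}

/* Fork-aware gate: a non-zero LIBRESSL_VERSION_NUMBER pins the API level
 * to the fork point, which is what the thread argues it should report. */
int fork_aware_gate(unsigned long openssl_ver, unsigned long libressl_ver)
{
    return (libressl_ver ? FORK_POINT_VERSION : openssl_ver) >= GATE_1_0_2;
}

static void show(const char *label, unsigned long v)
{
    struct ssl_version r = decode_version(v);
    printf("%-10s %u.%u.%u patch=%u status=0x%x\n",
           label, r.major, r.minor, r.fix, r.patch, r.status);
}

int main(void)
{
    show("fork point", FORK_POINT_VERSION);
    show("LibreSSL", LIBRESSL_REPORTED);
    printf("naive gate: %d, fork-aware gate: %d\n",
           naive_gate(LIBRESSL_REPORTED),
           fork_aware_gate(LIBRESSL_REPORTED, LIBRESSL_REPORTED));
    return 0;
}
```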