diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2024-12-18 19:37:40 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2024-12-22 22:55:39 +0100 |
| commit | 90270f0959d490d56db891809d83c91b3d4b9bf0 (patch) | |
| tree | 80589894ae2a0eda080b6c6cf416882b52eaef7d /debian | |
| parent | 470f5cf449ac20c7d7bf50ad805c72a5f52d256f (diff) | |
hashes, methods: Add OpenSSL backends
Introduce an OpenSSL::Crypto backend for the hashes library
and an OpenSSL::SSL backend for the TLS support in our https
method.
Many thanks to curl for showing the way with how to handle
a CRL file. There are some memory leaks here with the
TlsFd itself as well as the proxy support; and we should
reorganize the code to generate the ssl object as late
as possible.
A peculiar aspect of OpenSSL is that SSL_has_pending() returns
1 even if SSL_read() will fail to read anything and return the
equivalent of EAGAIN. We work around this here by also peeking
ahead 1 byte. I was running a very high RTT connection from
Germany to Australia for testing, and with the peeking it's
using negligible amounts of CPU; before that, it was busy
looping at 100%. Bad OpenSSL!
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/control | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/debian/control b/debian/control index 588539a02..50297362e 100644 --- a/debian/control +++ b/debian/control @@ -17,8 +17,7 @@ Build-Depends: dpkg-dev (>= 1.22.5) <!pkg.apt.ci>, googletest <!nocheck> | libgtest-dev <!nocheck>, libbz2-dev, libdb-dev, - libgnutls28-dev (>= 3.4.6), - libgcrypt20-dev, + libssl-dev, liblz4-dev (>= 0.0~r126), liblzma-dev, libseccomp-dev (>= 2.4.2) [amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x hppa powerpc powerpcspe ppc64 x32], |
