Round #2 of LibSsl shim work #4026
Conversation
There was a problem hiding this comment.
Doubt: Doesn't this macro already exist in ssl header files?
There was a problem hiding this comment.
I'm equally confused. I see this for 0.9.8zg in ssl_locl.h. If that's not automatically in the include chain, should we just include it? At least for the 0.9.8 series?
There was a problem hiding this comment.
Yes, these values are in the source file ssl_locl.h. But neither that file nor those defines appear anywhere in the header files on my Mac.
Any suggestions?
There was a problem hiding this comment.
neither that file nor those defines appear anywhere in the header files on my Mac.
Ah, well, that's a good enough reason for me :)
There was a problem hiding this comment.
Agree.. sounds reasonable to me. We had same problem with some other macros that are only available in the source code but not in public headers
|
LGTM |
There was a problem hiding this comment.
Do we expose these two ErrGetError and ErrGetErrorAlloc APIs because the only error code we need to know about is ERR_R_MALLOC_FAILURE, and this is a simpler approach than PAL'ing all error codes?
There was a problem hiding this comment.
Yes, the MALLOC_FAILURE is the only error code we needed to know about. When we need to know about more, we can make a PAL enum for it.
|
LGTM |
There was a problem hiding this comment.
Casing consistency: Everything else was "Ssl", this is "SSL"
|
A few minor points, but otherwise LGTM. |
There was a problem hiding this comment.
The declarations in the .h should be things that managed code can depend on unconditionally. There shouldn't be ifdefs changing enum values. If these are only used in the implementation and not expected to be known values to managed code, move them to the .cpp.
There was a problem hiding this comment.
That makes sense. I'll move them to the .cpp as these values are only used by the native code, and not managed.
I am actively working on this in a separate change (now that I am understanding CMake a little more...). I plan on using #cmakedefin01, configure.cmake, config.h.in, like the existing files. These will be in separate, Crypto specific files. |
Thanks. :) |
|
@eerhardt, just FYI, this needs to be rebased to fix conflicts. |
I also moved the SSL SafeHandle classes out of the Interop class to be better aligned with the rest of the SafeHandles.
Instead of having managed code duplicate the SSL_CIPHER struct, moving all the code that uses the cipher struct into a native shim method. That also pulled a lot of algorithm constants to be defined in native instead of managed.
|
Rebased and responded to PR feedback. |
There was a problem hiding this comment.
General question: why do we have to hard-code these constants? Can't we get them from openssl headers? What guarantees/checks do we have to make sure they're right?
There was a problem hiding this comment.
See #4026 (comment)
Honestly AFAIK, there isn't a way to check/guarantee these values since they aren't defined in headers on either my Linux or OSX machine. I sort of question whether what we are using is a "public" API. The struct is visible, but it just exposes unsigned long members with no exposed defines for their values.
There was a problem hiding this comment.
@vijaykota and @shrutigarg - do you have any ideas on this issue?
There was a problem hiding this comment.
I'm going to go ahead and merge this. If there's a better way to approach this, we can do it in a separate PR. Thanks!
There was a problem hiding this comment.
I filed https://github.com/dotnet/corefx/issues/4074 to track that.
There was a problem hiding this comment.
Hey guys, maybe not exactly relevant to this discussion, but I upgraded a new mac as is to El Capitan (v10.11.1) and it wasn't succeeding git clean -xdf; ./build.sh native with latest AppleClang / Xcode (yesterday's updates) applied. I had to run brew link --force openssl (yeah i had to install brew first). Now it compiles 100% there as well. (more and moar platforms coverage is the spirit!) :)
There was a problem hiding this comment.
Thanks, @jasonwilliams200OK . See #3924 for more details on issues with El Capitan.
There was a problem hiding this comment.
since they aren't defined in headers on either my Linux or OSX machine
@eerhardt, we haven't found a way around this either
|
LGTM. I had one more question. |
|
LGTM |
Round #2 of LibSsl shim work
…to getdomainname and looking for a warning. Fixing unused parameters build error on OSX. Update for PR feedback. - Collapse the 3 HAVE_INOTIFY defines into a single define.
ghost
mentioned this pull request
Round dotnet/corefx#2 of LibSsl shim work Commit migrated from dotnet/corefx@00f9ebc
8 participants
Add shims for the next set of SSL interop methods.
I also moved the SSL SafeHandle classes out of the Interop class to be
better aligned with the rest of the SafeHandles.
Instead of having managed code duplicate the SSL_CIPHER struct, moving all the code that uses the cipher struct into a native shim method.
That also pulled a lot of algorithm constants to be defined in native instead of managed.
@bartonjs @stephentoub @vijaykota @rajansingh10 @shrutigarg @nguerrera