Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[suggestion] Switch to libssl v3 on iroha v1 #4343

Open
v-a-net opened this issue Mar 5, 2024 · 1 comment
Open

[suggestion] Switch to libssl v3 on iroha v1 #4343

v-a-net opened this issue Mar 5, 2024 · 1 comment
Labels
1.x Enhancement New feature or request iroha1 The legacy version of Iroha.

Comments

@v-a-net
Copy link
Contributor

v-a-net commented Mar 5, 2024
edited
Loading

Feature request

Since LibSSL has dropped the support of SSL 1.X (ref : https://www.openssl.org/source/), iroha 1 should switch from OpenSSL v1 to OpenSSL v3 in order to avoid future security issues.

Motivation

Who can help?

@6r1d @baziorek
@v-a-net v-a-net added Enhancement New feature or request iroha2-dev The re-implementation of a BFT hyperledger in RUST labels Mar 5, 2024
@v-a-net v-a-net closed this as not planned Won't fix, can't repro, duplicate, stale Mar 5, 2024
@v-a-net v-a-net reopened this Mar 5, 2024
@baziorek baziorek added the 1.x label Mar 6, 2024
@baziorek
Copy link
Contributor

baziorek commented Mar 6, 2024

Feature request

Since LibSSL has dropped the support of SSL 1.X (ref : https://www.openssl.org/source/), iroha 1 should switch from OpenSSL v1 to OpenSSL v3 in order to avoid future security issues.

Motivation

Who can help?

@6r1d @baziorek

Thanks @v-a-net for Your suggestion. I checked file with dependencies: https://github.com/hyperledger/iroha/blob/main/vcpkg/VCPKG_DEPS_LIST and there is no OpenSSL dependency.

I also checked installed dependencies of VCPKG and there is openssl:

./vcpkg list | grep -i ssl
libpq[openssl]:x64-linux                                            support for encrypted client connections and ran...
openssl:x64-linux                                  1.1.1k           OpenSSL is an open source project that provides ...

So it means something is using openssl with older version. Probably it is soci -> libpg -> openssl.

To make this good vcpkg should be upgraded to newest version, unfortunately this would require fixing some SFINAE compilation errors in tests. Once I tried without success, so we need less professional way.
Once I tried to upgrade some dependencies: #3862 but it was not success to upgrade all of them (and one of them was soci, which uses boost), but boost is not easy to upgrade because of SFINAE problems.

How it can be done fastest way: trying to upgrade onli openssl with path to vcpkg and hopefully it will work.

About me: probably I will have more time after Easter, so after that time I can try to upgrade openssl.

@mversic mversic removed the iroha2-dev The re-implementation of a BFT hyperledger in RUST label Mar 28, 2024
@nxsaken nxsaken added the iroha1 The legacy version of Iroha. label Apr 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1.x Enhancement New feature or request iroha1 The legacy version of Iroha.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@baziorek @nxsaken @mversic @v-a-net