On Thu, 23 Nov 2023 at 11:57, sebb <seb...@gmail.com> wrote:
>
> The test suite now runs on ubuntu-latest, windows-latest and
> macos-latest with Java 8,11,17,21
>
> On macOS, the OpenSSL library path has to be provided, otherwise the
> test can crash with
>
> '"...bin/java is loading libcrypto in an unsafe way"
>
> AFAICT, this is where libcrypto.dylib does not resolve to a filename
> that contains a version number.
> (Normally libcrypto.dylib is a link pointing to libcrypto.1.1.dylib or
> similar in the same directory)
>
> I have not yet found this lone library, so I am beginning to wonder if
> it is in the dylib cache?

On further investigation, it appears that the default crypto library
is a dummy that does not have an in-built version.
It does not matter if the file name includes a version or not.
That was a red herring.

> If so, then macOS will always require the library path to be provided.

The user will either have to provide jn[ai].library.path or ensure
that there is a suitable library in the current working directory.
(This can be a soft link)

> I don't think it's possible to trap the error, so it cannot be
> automatically recovered.
> It might perhaps be possible to use dlopen_preflight() to check if a
> file exists; will need to run further checks.
>

AFAICT, dlopen_preflight() returns true if (and only if) the library
load will succeed, so could be used to avoid a crash.
It has to do the same checks as dlopen(), so should only be used if necessary.
I think it would make sense to only do the check if the user has not
provided a library path.

This could be added to the JNI loads quite easily.
However so far I have been unable to get the method working in the JNA case.
It would need to be done in an independent class that is only loaded on macOS.

> On Sat, 18 Nov 2023 at 03:26, Alex Remily <alex.rem...@gmail.com> wrote:
> >
> > Just pulled master and successfully ran tests against OpenSSL 3.1.3 on Mac
> > OS 11 BigSur. Nice work sebb!
> >
> > Apache Commons Crypto 1.2.1-SNAPSHOT
> >
> > Native code loaded OK: 1.2.1-SNAPSHOT
> >
> > Native name: Apache Commons Crypto
> >
> > Native built: Nov 17 2023
> >
> > OpenSSL library loaded OK, version: 0x30100030
> >
> > OpenSSL library info: OpenSSL 3.1.3 19 Sep 2023
> >
> > DLL name: libcrypto.dylib
> >
> > DLL path: /usr/local/Cellar/openssl@3/3.1.3/lib/libcrypto.3.dylib
> >
> > Additional OpenSSL_version(n) details:
> >
> > OpenSSLVersion(1): compiler: clang -fPIC -arch x86_64 -O3 -Wall -DL_ENDIAN
> > -DOPENSSL_PIC -D_REENTRANT -DOPENSSL_BUILDING_OPENSSL -DNDEBUG
> >
> > OpenSSLVersion(2): built on: Tue Sep 19 13:01:49 2023 UTC
> >
> > OpenSSLVersion(3): platform: darwin64-x86_64-cc
> >
> > OpenSSLVersion(4): OPENSSLDIR: "/usr/local/etc/openssl@3"
> >
> > OpenSSLVersion(5): ENGINESDIR: "/usr/local/Cellar/openssl@3
> > /3.1.3/lib/engines-3"
> >
> > OpenSSLVersion(6): 3.1.3
> >
> > OpenSSLVersion(7): 3.1.3
> >
> > OpenSSLVersion(8): MODULESDIR: "/usr/local/Cellar/openssl@3
> > /3.1.3/lib/ossl-modules"
> >
> > OpenSSLVersion(9): CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x27ab
> >
> > Random instance created OK:
> > org.apache.commons.crypto.random.OpenSslCryptoRandom@30c4e352
> >
> > Cipher AES/CTR/NoPadding instance created OK:
> > org.apache.commons.crypto.cipher.OpenSslCipher@673c4f6e
> >
> > On Tue, Nov 14, 2023 at 8:27 AM sebb <seb...@gmail.com> wrote:
> >
> > > On Tue, 14 Nov 2023 at 13:17, Alex Remily <alex.rem...@gmail.com> wrote:
> > > >
> > > > That's fantastic. I read that there were big API changes with the move to
> > > > OpenSSL 3, but maybe those changes were not in the functionality that
> > > > commons crypto exposes. Have you merged into master yet? I look forward
> > > > to playing around with it.
> > >
> > > Yes, it is in master.
> > >
> > > > Alex
> > > >
> > > > On Wed, Nov 8, 2023 at 7:12 PM sebb <seb...@gmail.com> wrote:
> > > >
> > > > > Crypto now builds and tests OK on
> > > > > macOS-latest - OpenSSL 3.1.4 24 Oct 2023
> > > > > and
> > > > > Ubuntu-latest - OpenSSL 3.0.2 15 Mar 2022
> > > > > Tested with Java 8 and 21
> > > > >
> > > > > I only had to allow for two changed names:
> > > > >
> > > > > EVP_CIPHER_CTX_block_size => EVP_CIPHER_CTX_get_block_size
> > > > > EVP_CIPHER_flags => EVP_CIPHER_get_flags
> > > > >
> > > > > This seems too easy, so I suspect there may be some missing tests.
> > > > >
> > > > > Sebb
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> > > > > For additional commands, e-mail: dev-h...@commons.apache.org
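
The guard proposed in the thread above, as an added C example (not Commons Crypto's own code): call dlopen_preflight() only on macOS and only when no library path was supplied, then confirm that the loaded library exports OpenSSL_version_num(). The names load_crypto, preflight_ok and the status codes are hypothetical, and that the preflight catches the unsafe-load abort is the thread's working assumption.

```c
#include <dlfcn.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical status codes for this example, not Commons Crypto's. */
typedef enum { LOAD_OK, LOAD_REJECTED_BY_PREFLIGHT, LOAD_FAILED, LOAD_NOT_OPENSSL } load_status;

/* Decide whether dlopen() may be attempted on `name`. */
static bool preflight_ok(const char *name, bool user_supplied_path)
{
#ifdef __APPLE__
    /* The preflight repeats dlopen()'s checks: run it only for the default name. */
    if (!user_supplied_path)
        return dlopen_preflight(name);
#else
    (void)name; (void)user_supplied_path; /* dlopen_preflight() is macOS-only */
#endif
    return true;
}

/* Load `name`; on success return the handle and OpenSSL's version number. */
load_status load_crypto(const char *name, bool user_supplied_path,
                        void **handle_out, unsigned long *version_out)
{
    *handle_out = NULL;
    *version_out = 0;
    if (!preflight_ok(name, user_supplied_path))
        return LOAD_REJECTED_BY_PREFLIGHT;
    void *h = dlopen(name, RTLD_LAZY | RTLD_LOCAL);
    if (h == NULL)
        return LOAD_FAILED;
    /* OpenSSL 1.1.0 and later export OpenSSL_version_num(). */
    unsigned long (*vnum)(void) = (unsigned long (*)(void))dlsym(h, "OpenSSL_version_num");
    if (vnum == NULL) {
        dlclose(h);
        return LOAD_NOT_OPENSSL;
    }
    *handle_out = h;
    *version_out = vnum();
    return LOAD_OK;
}

int main(int argc, char **argv)
{
    void *h; unsigned long v;
    load_status s = load_crypto(argc > 1 ? argv[1] : "libcrypto.dylib", argc > 1, &h, &v);
    printf("status=%d version=0x%lx\n", (int)s, v);
    return s == LOAD_OK ? 0 : 1;
}
```

Run with no argument it tries the default name behind the preflight; run with a path argument it treats the path as user-supplied and skips the preflight.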