9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] ssl deprecation
@ 2021-05-30 13:40 fulton
  2021-05-31 11:55 ` cinap_lenrek
  0 siblings, 1 reply; 3+ messages in thread
From: fulton @ 2021-05-30 13:40 UTC (permalink / raw)
  To: 9front

Quick and dirty ssl deprecation.  Remove it from default kernel
configs, document the change, and keep the code in case anyone needs
it.


Patch: http://okturing.com/src/11142/body
--
Fulton fulton.software!fulton

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [9front] ssl deprecation
  2021-05-30 13:40 [9front] ssl deprecation fulton
@ 2021-05-31 11:55 ` cinap_lenrek
  2021-06-01 22:04   ` ori
  0 siblings, 1 reply; 3+ messages in thread
From: cinap_lenrek @ 2021-05-31 11:55 UTC (permalink / raw)
  To: 9front

and what todo with pushssl(2) and cpu(1), import(4) and oexportfs(4)?

if you kill devssl, you break any remoting supporting with inferno and
classic plan9.

i wanted to kill it along time ago especially as devssl had kernel
crash bugs. but you need to explain the consequences of your changes
clearly and stand the discussion with people wanting to run 9front
together with inferno and labs plan9 installations.

--
cinap

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [9front] ssl deprecation
  2021-05-31 11:55 ` cinap_lenrek
@ 2021-06-01 22:04   ` ori
  0 siblings, 0 replies; 3+ messages in thread
From: ori @ 2021-06-01 22:04 UTC (permalink / raw)
  To: 9front

Quoth cinap_lenrek@felloff.net:
> and what todo with pushssl(2) and cpu(1), import(4) and oexportfs(4)?

the patch deleting obsolete algorithms
also kills it:

	char	*ealgs = "rc4_256 sha1";

so unnice, we killed it twice.

> if you kill devssl, you break any remoting supporting with inferno and
> classic plan9.
> 
> i wanted to kill it along time ago especially as devssl had kernel
> crash bugs. but you need to explain the consequences of your changes
> clearly and stand the discussion with people wanting to run 9front
> together with inferno and labs plan9 installations.

I took a bit of time to look at this; it looks like
it'd be a small patch to use devssl or devtls. maybe
it's time to tell people that they need to apply a
patch?

echoline has been messing around with porting dp9ik,
to 9legacy -- maybe that's another option?

not sure if there are really other options long term
p9sk1/cpu auth is getting moldy and worm-eaten, and
requiring us to keep around code that should really
be dead.


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-06-02 12:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-30 13:40 [9front] ssl deprecation fulton
2021-05-31 11:55 ` cinap_lenrek
2021-06-01 22:04   ` ori

9front - general discussion about 9front

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/9front

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 9front 9front/ http://inbox.vuxu.org/9front \
		9front@9front.org
	public-inbox-index 9front

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.9front


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git