-
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check the cipher flags to see if the cipher supports aead #7223
Check the cipher flags to see if the cipher supports aead #7223
Conversation
Need is explained here. |
e2e1a30
to
24a7f28
Compare
The |
CI seems to run on macOS sierra, which probably has an old OpenSSL version (maybe 0.9.8zh). Do you know which OpenSSL versions support |
b94b377
to
8e781ed
Compare
@ysbaddaden I think you're on to something there. I'm trying different macOS/OSX versions to see what the oldest version this change would require is, as I can't seem to find any definitive information about when |
327f76b
to
6407f2f
Compare
Supports checking if a cipher supports aead, with an `authenticated?` helper method.
267bb88
to
b853500
Compare
It looks like GCM ciphers aren't supported on macOS v10.12 and lower. When I updated the CI config to For now, I've reverted to |
macOS v10.12 and lower don't support GCM ciphers, so the `authetnicated?` method will never return true. CI currently targets macOS v10.12, this rescue should be removed when CI targets >= 10.13.
b853500
to
2a7e2ed
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like @bcardiff's thoughts on rescuing ArgumentError
in the specs before merge.
begin | ||
cipher = OpenSSL::Cipher.new("aes-128-gcm") | ||
cipher.authenticated?.should eq(true) | ||
rescue ArgumentError |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe add a check that its actually an expected ArgumentError by verifying the error message. It should be re-raised if it doesn't match.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could definitely do that, however if the ArgumentError
is originating from anything other than the cipher not being available, it'd raise on the next invocation (line 58/59).
I'm late to the party. The changes are fine. At most I would've try to only accept the exception as a success if the error message is certain, or wrap the whole block of the |
Supports checking if a cipher supports aead, with an
authenticated?
helper method.