[erlang-questions] [centos-7] With newer Erlang versions has the elliptic curve crypto situation changed?

Hans Nilsson R hans.r.nilsson@REDACTED
Fri May 4 14:40:51 CEST 2018


The patch will be OTP-20.3.6 next week.

I'm sorry, but we will not do a patch on earlier 20 releases. However, the new crypto (crypto-4.2.2) *could* work in an OTP-20.2 environment, but I haven't tried.

/Hans

On 05/04/2018 02:07 PM, Nicholas Lundgaard wrote:
> Hans,
> 
> Regarding this issue, which 20.x versions will this patch be applied to? Is it possible to have a 20.2.x patch in addition to the one for the latest 20.3.x?
> 
> If it's possible to know what the timeframe is on a patch release, I would really appreciate it. We deploy onto CentOS 6/7 at my company; just last night I was working on updating our Erlang version from 20.1.7 to 20.2.4 and encountered this issue. We would remain on 20.1.7, but it has an issue with SSL Server Name Indication that has been fixed in 20.2[1], which has caused us problems recently.
> 
> Thanks,
> —Nicholas Lundgaard
> 
> [1]: https://github.com/erlang/otp/commit/78a9a09af9216a2dea454f561e0774e67a15c361
> 
>> From: Hans Nilsson R <hans.r.nilsson@REDACTED>
>> Subject: Re: [erlang-questions] [centos-7] With newer Erlang versions has the elliptic curve crypto situation changed?
>> Date: May 4, 2018 at 4:54:29 AM CDT
>> To: Bryan Hunt <bryan.hunt@REDACTED>, <erlang-questions@REDACTED>
>>
>>
>> Thanks!
>>
>> Will be fixed in OTP-21.0-rc2 and in a patch on OTP-20 which also has this error.
>>
>> It is the engine support down in openssl that has problems, so I simply disable our engine support if EC is disabled.
>>
>> /Hans
>>
>> On 05/03/2018 09:23 PM, Bryan Hunt wrote:
>>>
>>> Hi,
>>>
>>> Before, when building OTP I always set the compile time option to disable elliptic curve cryptography using the 
>>> CFLAGS environmental variable (RHEL doesn’t ship with it) : 
>>>
>>> ```
>>> export CFLAGS="-DOPENSSL_NO_EC=1"
>>> ./otp_build configure  \
>>>        --without-odbc \
>>>        --without-cosEventDomain \
>>>        --without-cosEvent \
>>>        --without-cosFileTransfer \
>>>        --without-cosNotification \
>>>        --without-cosProperty \
>>>        --without-cosTime \
>>>        --without-cosTransactions \
>>>        --without-debugger \
>>>        --without-et \
>>>        --without-gs \
>>>        --without-ic \
>>>        --without-javac \
>>>        --without-jinterface \
>>>        --without-megaco \
>>>        --without-observer \
>>>        --without-orber \
>>>        --without-percept \
>>>        --without-typer \
>>>        --without-wx \
>>>        --without-tv \
>>>        --without-diameter \
>>>        --without-hipe
>>> ```
>>>
>>> And that still works for the older versions. 
>>>
>>> But when applied to OTP-21.0-rc1 I receive the following error : 
>>>
>>> ```
>>> gmake[6]: Entering directory `/root/otp/lib/crypto/c_src'
>>> CC     ../priv/obj/x86_64-unknown-linux-gnu/crypto.o
>>> In file included from /usr/include/openssl/ecdh.h:78:0,
>>>                 from /usr/include/openssl/engine.h:86,
>>>                 from crypto.c:63:
>>> /usr/include/openssl/ec.h:82:4: error: #error EC is disabled.
>>> #  error EC is disabled.
>>>    ^
>>> gmake[6]: Leaving directory `/root/otp/lib/crypto/c_src'
>>> gmake[6]: *** [../priv/obj/x86_64-unknown-linux-gnu/crypto.o] Error 1
>>> gmake[5]: *** [release_spec] Error 2
>>> gmake[5]: Leaving directory `/root/otp/lib/crypto/c_src'
>>> gmake[4]: *** [release] Error 2
>>> gmake[4]: Leaving directory `/root/otp/lib/crypto/c_src'
>>> gmake[3]: *** [release] Error 2
>>> gmake[3]: Leaving directory `/root/otp/lib/crypto/c_src'
>>> gmake[2]: *** [release] Error 2
>>> gmake[2]: Leaving directory `/root/otp/lib/crypto'
>>> gmake[1]: Leaving directory `/root/otp/lib'
>>> gmake[1]: *** [release] Error 2
>>> gmake: *** [release] Error 2
>>> The command '/bin/sh -c ./build-erlang.sh' returned a non-zero code: 1
>>> Unable to find image 'bryanhuntesl/centos7-erlang:OTP-21.0-rc1' locally
>>> docker: Error response from daemon: manifest for bryanhuntesl/centos7-erlang:OTP-21.0-rc1 not found.
>>> See 'docker run --help’.
>>> ```
>>>
>>> Has this behaviour changed recently ?
>>>
>>> Bryan
>>>
> 
> 
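A preflight check for the build failure in the log above, as an added example that is not part of the thread or of OTP: it preprocesses a one-line file that includes `<openssl/engine.h>` (the header `crypto.c` pulls in) with and without `-DOPENSSL_NO_EC=1`, so the `#error EC is disabled.` guard shows up in seconds instead of deep into the OTP build. The function names, the verdict strings and the optional `INCDIR` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for the OPENSSL_NO_EC failure.

# engine_header_ok CFLAGS [INCDIR]
# Preprocess a file that only includes <openssl/engine.h>, as crypto.c does.
# Returns 0 if it preprocesses, 1 if the compiler rejects it, 2 if no compiler.
# INCDIR is an optional extra header root (hypothetical parameter, for testing).
engine_header_ok() {
    cflags=$1
    incdir=${2:-}
    cc=${CC:-cc}
    command -v "$cc" >/dev/null 2>&1 || return 2
    # -E is enough: #error fires during preprocessing. $cflags is split on purpose.
    if probe_err=$(printf '#include <openssl/engine.h>\n' |
            "$cc" $cflags ${incdir:+"-I$incdir"} -E -x c - 2>&1 >/dev/null); then
        return 0
    fi
    return 1
}

# check_no_ec_build [INCDIR]
# Prints one verdict on stdout: ok | ec-guard-trips | headers-unusable | no-compiler
check_no_ec_build() {
    dir=${1:-}
    base=0
    engine_header_ok "" "$dir" || base=$?
    if [ "$base" -eq 2 ]; then echo no-compiler; return 2; fi
    if [ "$base" -ne 0 ]; then
        # Fails even without the flag: headers missing or broken, a different problem.
        echo headers-unusable; return 1
    fi
    if engine_header_ok "-DOPENSSL_NO_EC=1" "$dir"; then
        echo ok; return 0
    fi
    # First compiler error line goes to stderr, e.g. "... error: #error EC is disabled."
    printf '%s\n' "$probe_err" | sed -n '/error/{p;q;}' >&2
    echo ec-guard-trips; return 1
}
```

Run `check_no_ec_build` on the build host before `./otp_build configure`; a verdict of `ec-guard-trips` means the installed OpenSSL headers will reproduce the error shown in the log when `CFLAGS` carries `-DOPENSSL_NO_EC=1`.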


