Fwd: TLS renegotiations (was Re: Please update your Go version to this version)

roger peppe rogpeppe at gmail.com
Mon Jul 22 07:14:13 UTC 2013


Oops, I forgot to reply-all this:

---------- Forwarded message ----------
From: roger peppe <rogpeppe at gmail.com>
Date: 20 July 2013 08:53
Subject: Re: TLS renegotiations (was Re: Please update your Go version
to this version)
To: Julian Edwards <julian.edwards at canonical.com>


That's great news. I would fork crypto/tls into gwacl (you might need
to fork net/http too, but probably not its subdirectories) - I don't
think it will be too much of a maintenance burden, and it seems like
the least disruptive option all round.

Ideally of course it would be nice to get some form of the patch
accepted upstream but, even if that happens, it won't help us until
the next release.

On 20 Jul 2013 06:13, "Julian Edwards" <julian.edwards at canonical.com> wrote:
>
> On Wednesday 17 Jul 2013 20:16:19 Julian Edwards wrote:
> > On Wednesday 17 Jul 2013 13:44:17 David Cheney wrote:
> > > This is the PPA which provides the version of Go we use to build juju
> > > for release
> > >
> > > https://launchpad.net/~james-page/+archive/golang-backports
> > >
> > > This is the version you should use. Please use this version.
> >
> > One slight hiccup.  go-curl does not work on 1.1 (its own tests fail, see
> > https://github.com/andelf/go-curl/issues/15) which in turn breaks gwacl (the
> > Azure library).
> >
> > go-curl is only used because Go itself does not support TLS renegotiations,
> > which are required by Azure.
> >
> > Answers on a postcard ...
>
> So, we have a patch to crypto/tls that handles renegotiations and Jeroen has
> tested that it works fine in gwacl.
>
> The person who contributed this patch is a core Go developer and also said
> that "it's probably not something suitable for upstreaming."
>
> What do you Juju core guys want to do about this?  These options come to mind:
>
>  1. Fix go-curl to work with 1.1
>  2. Carry a patched Go in Ubuntu (but obviously other platforms would be
> broken)
>  3. Fork crypto/tls into a separate package (or put it inside gwacl) with the
> patch.
>
> Anything else?  #3 seems like the easiest way forward at this point.
>
> Thanks
> J
>


