Benoit Daloze
Benoit Daloze
> jruby-openssl ... is slow I'm not sure that's the case, and IMHO it would be much better by having the JRuby openssl stdlib use Netty instead of BouncyCastle if...
cc @headius since this is related to JRuby SSL performance
> An alternate implementation would pass the complete buffered HTTP request from the Fiber pool to a Thread pool. [...] Note that it is valuable to execute application requests in...
> Theoretically yes I agree, however Fibers are still implemented on top of Threads in JRuby ([and TruffleRuby](https://github.com/oracle/truffleruby/blob/master/doc/user/compatibility.md#fibers-do-not-have-the-same-performance-characteristics-as-in-mri)), correct? Until JRuby/TruffleRuby integrates an optimized coroutine-based implementation of Fibers, I doubt...
Fun coincidence, I got a truffleruby PR related to openssl 3 today, although I guess it's really caused by MacPorts adding support for OpenSSL 3 recently? FWIW this is what...
Yes, you need to set `PKG_CONFIG_PATH=myopenssl/lib/pkgconfig:$PKG_CONFIG_PATH` as a workaround. This is confusing and comes from openssl extconf.rb, could you please file an issue at https://bugs.ruby-lang.org/ or https://github.com/ruby/openssl? Not respecting `--with-openssl-dir`...
> In summary, the Ruby team might not consider this a “bug”, but `--with-xxx-dir=yyy` actually means “you may (or may not) also find xxx in yyy”, instead of “you must...
The easiest way to install CRuby < 3.1 with a system OpenSSL 3/OpenSSL 3 installed is to use ruby-build which handles this stuff for you out of the box.
> How will ruby-build handle security advisories for the copy of openssl-1.1 that ruby-build compiles from source? Similar to how one would handle security advisories for a Ruby built from...
Somehow you are not mentioning the same awareness is needed when building Ruby from source (e.g. with ruby-install/ruby-build/RVM), if there is a Ruby CVE the fix is to install a...