these bugs induced by openssl 3 are so exhausting
@ariadne i love having an application crash because checks notes the CPU supports vector instructions
@kescher @ariadne have they not tested it
@lotte @kescher not exhaustively, but hey, they are bullying distros into taking it by revoking maintenance of openssl 1.1 :)
@lanodan they are, but apparently they think they can just do this shit now that they're the de-facto standard crypto library, especially for TLS @lotte @ariadne
@kescher @lanodan @lotte @ariadne rustls is a thing... of course I know projects can't just switch to it easily, but there are alternatives to OpenSSL
@be @kescher @lanodan @lotte
rustls + ring ain't it, sorry
@lanodan @kescher @lotte @ariadne TIL ring's build.rs compiles some C forked from BoringSSL
@be @lanodan @kescher @lotte
ring is just basically "we took boringssl libcrypto and pretend it's memory safe"
also, the maintainer is a jerk
while i am sure that it is hard to screw up the memory safety of a block cipher, there are things in ring where you can't just handwave in memory safety like that.
@ariadne @lanodan @kescher @lotte welp this is an interesting discussion https://github.com/libp2p/rust-libp2p/discussions/1975 🍿
@ariadne @lanodan @kescher @lotte hot damn the ring maintainer is an asshole https://github.com/briansmith/ring/issues/774
For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).