Bug 173676

Summary: Update boringssl to c8ff30cbe716c72279a6f6a9d7d7d0d4091220fa
Product: WebKit Reporter: youenn fablet <youennf>
Component: MediaAssignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, alex, commit-queue, eric.carlson, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch
none
Patch
achristensen: review+
Patch commit-queue: commit-queue-

youenn fablet
Reported 2017-06-21 16:10:17 PDT
Refresh boringssl to c8ff30cbe716c72279a6f6a9d7d7d0d4091220fa
Attachments
Patch (43.10 MB, patch)
2017-06-21 16:19 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (37.09 MB, patch)
2017-06-22 09:10 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (15.11 MB, patch)
2017-06-22 09:26 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (15.16 MB, patch)
2017-06-22 13:53 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (15.16 MB, patch)
2017-06-22 14:04 PDT, youenn fablet 		achristensen: review+
DetailsFormatted DiffDiff
Patch (15.15 MB, patch)
2017-06-23 16:18 PDT, youenn fablet 		commit-queue: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2017-06-21 16:19:56 PDT
Created attachment 313560 [details] Patch
youenn fablet
Comment 2 2017-06-22 09:10:49 PDT
Created attachment 313635 [details] Patch
youenn fablet
Comment 3 2017-06-22 09:26:51 PDT
Created attachment 313637 [details] Patch
youenn fablet
Comment 4 2017-06-22 13:53:07 PDT
Created attachment 313655 [details] Patch
youenn fablet
Comment 5 2017-06-22 14:04:03 PDT
Created attachment 313657 [details] Patch
Alex Christensen
Comment 6 2017-06-23 15:00:24 PDT
Comment on attachment 313657 [details] Patch Fix the ChangeLog Make sure it compiles on x86_64, arm64, and armv7
youenn fablet
Comment 7 2017-06-23 16:18:45 PDT
Created attachment 313757 [details] Patch
WebKit Commit Bot
Comment 8 2017-06-24 09:52:23 PDT
Comment on attachment 313757 [details] Patch Rejecting attachment 313757 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-03', 'land-attachment', '--force-clean', '--non-interactive', '--parent-command=commit-queue', 313757, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Last 500 characters of output: ing rebase: :040000 040000 63761c0b2fd6e461ca4c24ada885447d550ccbb4 745241f159b2d81b369356f58bbebb1b784c7dd3 M Source Current branch master is up to date. ERROR: Not all changes have been committed into SVN, however the committed ones (if any) seem to be successfully integrated into the working tree. Please see the above messages for details. Failed to run "['git', 'svn', 'dcommit', '--rmdir']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Updating OpenSource Current branch master is up to date. Full output: http://webkit-queues.webkit.org/results/3990916
Alex Christensen
Comment 9 2017-06-27 16:12:14 PDT
https://trac.webkit.org/changeset/218850/webkit
Michael Catanzaro
Comment 10 2017-06-27 21:09:10 PDT
You know, this is bad. Having an alternate TLS stack is bad. Wouldn't the relevant TLS developers at Apple be pretty disappointed to discover that WebKit has started to bundle boringssl? To enable WebRTC for Igalia's ports, we're going to have to strip all of this out. It's not a problem for Chromium, because boringssl is their usual TLS stack. This allows circumventing whatever usual platform-specific configuration you allow. And it could result in TLS connections to the same server possibly not working, or working differently or with different security properties, depending on whether the connection is via WebRTC.
Alejandro G. Castro
Comment 11 2017-06-27 23:29:50 PDT
Ideally we will like to strip this out in the future, but for the current development branch we have updating boringssl was in the TODO, so this is good news because it gets us closer to master and we can forget about the patch. I'll test it this week and check if we can start sending patches upstream, thanks. https://github.com/alexgcastro/webkit/commit/6dd565aa8122eaf9eb69755d9fdbf8d9f58bae71
youenn fablet
Comment 12 2017-06-28 08:17:05 PDT
It makes sense to use system boringssl if available with all necessary features. For other systems, checked-in boringssl source code might be helpful especially since it is planned to be synced with libwebrtc. Agreed that it is bloating the repository. As soon as nobody is using it anymore, it will be great to remove it from the repo.
Alex Christensen
Comment 13 2017-06-28 09:54:49 PDT
I agree that it is bad to have boringssl in WebKit, and we plan to remove it as soon as we can. Unfortunately, that will be a while.
youenn fablet
Comment 14 2017-06-28 10:15:54 PDT
> Having an alternate TLS stack is bad. Right. That said, WebRTC prefers DTLS usually.
Michael Catanzaro
Comment 15 2017-06-28 10:55:23 PDT
(In reply to youenn fablet from comment #14) > Right. That said, WebRTC prefers DTLS usually. FWIW: our TLS stack supports DTLS in addition to normal TLS.
Michael Catanzaro
Comment 16 2017-06-28 10:56:01 PDT
(In reply to youenn fablet from comment #12) > It makes sense to use system boringssl if available with all necessary > features. I don't think boringssl is a system library on any platform, unless I'm much mistaken.
Note You need to log in before you can comment on or make changes to this bug.