04:17 <kares[m]> hmm I can take a look at this later please open an issue with details including the io-wait context.

04:19 <kares[m]> not sure there's much we can do easily - we can have the callback exist but won't trigger as there's likely no session hook to listen on in the Java SSL engine

04:20 <kares[m]> but understand Ing what io-wait needs we could maybe get smt going ...

04:21 <headius> Yeah I know we are a bit limited here but if we can get something that works without looking like it is insecure we can probably get a patch in

04:22 <headius> I will go ahead and push a branch tonight with the key gems installed during the build

04:22 <headius> Once they install, gem install starts to fail with the relevant errors

04:22 <headius> There are not many diffs in our copy but they are mostly related to SSL context

04:23 <headius> If I had a month and a couple interns we could consider using the SSL wrapper that Netty uses but there's a lot of work to rewrap a new library

06:44 <headius> kares: https://github.com/jruby/jruby/pull/7088

06:44 <headius> the needs are all in net/http where it fiddles with the SSL context

06:45 <headius> the only remaining net gem not being used is net-imap, which has a dependency on strscan

06:45 <headius> strscan is "done" but awaiting review, cleanup, and some licensing

06:45 <headius> you can diff the net-http http.rb versus our modified version to see the diffs

06:46 <headius> I'll be back at this tomorrow, hopefully getting strscan merged and released

08:19 <kares[m]> <headius> "If I had a month and a couple..." <- If I had one or two I would look into just building the whole things using BC APIs if possible ... 😀

08:19 <kares[m]> (BC has a working stable Java SSL engine provider these days I am not sure how much custom APIs they expose)

08:23 <kares[m]> opened: https://github.com/jruby/jruby-openssl/issues/249 on jossl so that I do not forget to look into this the next time I manage to find some time around JOSSL

13:50 <headius> I will help