cfbolz changed the topic of #pypy to: #pypy PyPy, the flexible snake | IRC logs: and | hacking on TLS is fun, way more fun than arguing over petty shit, turns out
Atque has joined #pypy
Atque has quit [Quit: ...]
stkrdknmibalz has quit [Quit: WeeChat 3.0.1]
mattip has quit [Ping timeout: 252 seconds]
mattip has joined #pypy
<mattip> fijal: would it make any sense to approach the _ssl buffer problem from another direction
<mattip> and rewrite parts of it in C, or at least allocate the buffer as a C array
<mattip> I guess not, since you don't control the "b" in "sendall(b)"
<cfbolz> mattip: indeed, the b comes from the user usually
<fijal> mattip: I think it kinda defeats the point of cffi
<fijal> in a way
<fijal> but we can try that, to some extent
<fijal> anyway, me and armin got sucked into strange expired certificates
<fijal> (for VR Sketch)
<fijal> well ok, so generally "fuck you"?
<fijal> like, if I can't update the client code, then it's just not going to work
<fijal> nice
<LarstiQ> I'm not sure if that is it, but since this was a recent issue I thought it might be relevant
<mattip> yeah, you have to move to OpenSSL 1.1.0 or greater, so good luck with ubuntu 16.04 or python2, pypy2
<fijal> LarstiQ: this is pretty horrendous
<LarstiQ> fijal: well, also CA certs expire, there isn't really a way around that?
<fijal> they should get a new one no?
<fijal> the point is that they are relying on their self-signed cert that was introduced to a lot of software
<fijal> that's a bit dodgy, IMO
<nimaje> well a root cert expired and some software wasn't prepared for that (and as I understand that article their recommond setup is to send two chains one with the expired root cert and a second with a valid root cert for compatibility with some android versions as they keep trusting that root cert for some reason and don't trust the new root cert, but that doesn't works with openssl 1.0.* as it sees the
<nimaje> first invalid chain and just fails instead of looking at the second chain, which would be valid)
Julian has joined #pypy
<Dejan> fijal, every root CA is self-signed, right?
jkovac11 has joined #pypy
jkovac1 has quit [Ping timeout: 264 seconds]
jkovac11 is now known as jkovac1
jacob22 has quit [Quit: Konversation terminated!]
Atque has joined #pypy
<tumbleweed> looks like there's some bug in the VFP detection on 32bit ARM in pypy3.7 7.3.6rc2
* tumbleweed digs into it
<tumbleweed> and some weird stack overflow building pypy2.7 on ppc64 (big endian):
jacob22 has joined #pypy
Julian has quit [Ping timeout: 245 seconds]
Julian has joined #pypy
<agronholm> mattip: the latest py2 image on Docker hub at least works with the new LE certs; I had to update a legacy app today because of that issue
agronholm has quit [Ping timeout: 246 seconds]
samth has quit [Ping timeout: 260 seconds]
yizawa has quit [Ping timeout: 245 seconds]
ctismer has quit [Ping timeout: 252 seconds]
idnar has quit [Ping timeout: 250 seconds]
phlebas has quit [Ping timeout: 250 seconds]
eamanu has quit [Ping timeout: 260 seconds]
graingert has quit [Ping timeout: 250 seconds]
samth has joined #pypy
krono has quit [Ping timeout: 240 seconds]
cfbolz has quit [Ping timeout: 260 seconds]
jerith has quit [Ping timeout: 260 seconds]
fijal has quit [Ping timeout: 260 seconds]
phlebas has joined #pypy
jerith has joined #pypy
yizawa has joined #pypy
eamanu has joined #pypy
krono has joined #pypy
cfbolz has joined #pypy
fijal has joined #pypy
graingert has joined #pypy
idnar has joined #pypy
agronholm has joined #pypy
Atque has quit [Quit: ...]
ctismer has joined #pypy
Julian has quit [Quit: leaving]
stkrdknmibalz has joined #pypy
Atque has joined #pypy
stkrdknmibalz has quit [Ping timeout: 245 seconds]
<tumbleweed> ah, that vfp detection issue is a red-herring, the issue I'm seeing is due to calling the JIT's detect_cpu in get_multiarch()
<tumbleweed> it broke on *all* the non-JIT architectures
<tumbleweed> and the multiarch values returned aren't correct anyway...
<tumbleweed> on i386 I get sys.implementation._multiarch -> x86-linux-gnu, it should be i386-linux-gnu
<tumbleweed> mattip: can you elaborate on the thinking behind 5f72d59b9aa1 ? Because that would return the correct values (for my use-case at last)