Make the location of OpenSSL configurable #201
Conversation
Apple devices as well as older software installations of Linux are likely to have too old OpenSSLs for the token signing to work. Fix this by making the location of the OpenSSL binary configurable in the configuration knobs.
src/apns_utils.erl
Outdated
| Command = "printf '" ++ | ||
| binary_to_list(Data) ++ | ||
| "' | openssl dgst -binary -sha256 -sign " ++ KeyPath ++ " | base64", | ||
| "' | " ++ Openssl ++ " dgst -binary -sha256 -sign " ++ KeyPath ++ " | base64", |
There was a problem hiding this comment.
Line 41 is too long: "' | " ++ Openssl ++ " dgst -binary -sha256 -sign " ++ KeyPath ++ " | base64",.
|
Hi @jlouis, Thanks for using apns4erl! Actually the new HTTP2 APNs API requires to have openssl updated since it needs using TLS 1.2+ Do you think we will need this patch having in mind openssl should be updated? If the answer is yes, of course we are willing to take it in :) Thanks |
|
If you use something like "brew" on OSX, the Erlang binary will be compiled with a recent OpenSSL, supporting TLS 1.2+ and so on. But the By making the executable into a knob you can turn, it is far easier to configure the system in an operations-situation. Leave the existing OpenSSL installation be on the machine, build an Erlang with its own linkage to a newer openssl, and arrange the location of the binary to be somewhere else. This leaves the existing installation untouched, but provides a newer TLS for the Erlang installation. Perhaps in the future with a mature docker or kubernetes, this is less useful. But I think it should go in for now. |
Using openssl_path could be interpreted as a directory to the bin-directory, not the `openssl(1)` command itself. Correct this by using a better name.
|
This should fix the naming of the OpenSSL command and also make elvis happy. Remaining is to document this in the README file. Do you want me to go ahead and do that? |
| @@ -13,6 +13,9 @@ | |||
| ]}, | |||
| {modules, []}, | |||
| {mod, {apns_app, []}}, | |||
| {env, [ | |||
| {openssl_command, "openssl"} | |||
There was a problem hiding this comment.
we should write some doc about this in the README explaining it exists and how it works.
|
Hi. Was this option finally made available or not? This is still a valid concern for me (only now started using this lib.). |
|
I don't think so. I ended writing my own APNS bindings for the company, but it isn't open source I'm afraid, so I didn't pursue this patch too much in the process. One particular reason was that I wanted something else than Chatterbox as the implementation of the HTTP2 transport. |
Apple devices as well as older software installations of Linux are
likely to have too old OpenSSLs for the token signing to work. Fix
this by making the location of the OpenSSL binary configurable in the
configuration knobs.
We needed this patch for two reasons: Apple, and older Linux distributions. I'm just suggesting it as a patch for now, and I think the
_pathcomponent is a bad name. Probably rather call itopenssl_executableor something such. Also, it needs documentation.However, if those things were fixed, would you guys be willing to take this patch in?