Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does JRuby uses OpenSSL #115

Closed
gengivan opened this issue Nov 29, 2016 · 1 comment
Closed

Does JRuby uses OpenSSL #115

gengivan opened this issue Nov 29, 2016 · 1 comment

Comments

@gengivan
Copy link

gengivan commented Nov 29, 2016
edited by kares

Hi,

The context is we use JRuby-Openssl in our code, then we use Sonar to scan our code and found lots(hundreds) of 'Using Components with Known Vulnerabilities' alerts which are about OpenSSL.
e.g:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4252
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176
....
These alerts are about OpenSSL, so I tried to find whether JRuby-OpenSSL uses OpenSSL or it's just ruby version of openssl?

If you use openssl, do you have OpenSSL version info I can refer?
And if jruby-openssl is pure ruby/java version, will you consider above alerts also apply to jruby-openssl?

Thanks,
Ivan Geng

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@kares
Copy link
Member

kares commented Nov 29, 2016

nope, no OpenSSL C code is actually used here. some .rb bits are used (same as MRI does).

@kares kares closed this as completed Nov 29, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kares @gengivan