iDempiere should not require Conscrypt

Description

iDempiere currently requires Conscrypt, which is a Google library that is only available for architectures that we consider unsafe or impractical for ERP systems. As of today, Conscrypt is only available on x86 (unsafe, ME/PSP), ARM (impractical), and MIPS (unusable).

This hard dependency on a Google library that requires the Android SDK to even build should be removed ASAP.

Environment

None

Activity

Carlos Ruiz
October 22, 2019, 9:15 AM

Thanks - in the past we talked about this and defined that alpn and conscrypt must be optionally added by the implementor, not forced in core.

This is mostly because the recommended approach to access the web server is via a proxy using apache or nginx and the proxies access the server using http - so all the effort and pain to maintain alpn (and now conscrypt) is to support a scenario not recommended.

Regards,

Carlos Ruiz

Heng Sin Low
October 22, 2019, 9:37 AM
Edited

This should be an optional dependency since 1) JSSE does work fine for dev although it is a bit slow and 2) for production environment, this is not necessary when using together with nginx or apache proxy (proxy with java server sitting behind non-public network is also the more common setup). I don’t agree though that x86_64 is unsafe for ERP server and this needs to be removed ASAP.

Carlos Ruiz
October 22, 2019, 12:20 PM
Hiep Lq
December 22, 2019, 3:32 PM

I add a patch to remove jetty-alpn.xml etc/jetty-http2 from *.product

Carlos Ruiz
December 23, 2019, 10:37 AM

Assignee

Dirk Niemeyer

Reporter

Timothy Pearson

Labels

Tested By

None

Fix versions

Affects versions

Priority

Major