Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[v16.x] deps: update openssl to OpenSSL 1.1.1n #42352

Conversation

hassaanp
Copy link
Contributor

Updated openssl dep to openssl1.1.1n+quic using the maintenance guide.

Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html

@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v16.x labels Mar 15, 2022
@hassaanp hassaanp changed the title [v16.x] update to OpenSSL 1.1.1n [v16.x] deps: update to OpenSSL 1.1.1n Mar 15, 2022
@hassaanp hassaanp changed the title [v16.x] deps: update to OpenSSL 1.1.1n [v16.x] deps: update openssl to OpenSSL 1.1.1n Mar 15, 2022
@aduh95
Copy link
Contributor

aduh95 commented Mar 16, 2022

This needs a rebase to fix the self-signed certificate test failure.

@mhdawson
Copy link
Member

@hassaanp I think this needs a rebase with only the OpenSSL commits showing as new, versus including a merge commit as it currently is.

@danielleadams

This comment was marked as outdated.

This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1n+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit
@hassaanp hassaanp force-pushed the deps/update-openssl-to-openssl1.1.1n-v16.x branch from 0940cf4 to 390b462 Compare March 17, 2022 00:28
@nodejs-github-bot
Copy link
Collaborator

@mhdawson
Copy link
Member

@hassaanp Looks like 16.x will need d37dceb cherry picked as well because we have some testing against OpenSSL 3.x with shared libraryies.

@mhdawson
Copy link
Member

mhdawson commented Mar 17, 2022

@danielleadams if you are going to do build you should be able to cherry pick d37dceb it seemed to apply cleanly to me against 16

@hassaanp
Copy link
Contributor Author

@mhdawson i have cherry picked the patch to the PR

@richardlau richardlau added request-ci Add this label to start a Jenkins CI on a PR. and removed request-ci Add this label to start a Jenkins CI on a PR. labels Mar 17, 2022
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

@richardlau richardlau added the fast-track PRs that do not need to wait for 48 hours to land. label Mar 17, 2022
@github-actions
Copy link
Contributor

Fast-track has been requested by @richardlau. Please 👍 to approve.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43088/ (EDIT: wrong commit again, maybe due to GitHub outage?)

@aduh95 aduh95 added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/43089/

@nodejs-github-bot
Copy link
Collaborator

@richardlau
Copy link
Member

Jenkins is refusing to build against the correct commit... and I think the problem may be on GitHub's side:

$ git ls-remote upstream refs/pull/42352/head
390b462da9ce7a7d81c17fc1b31862defd10a148        refs/pull/42352/head

instead of a661347 😕.

Last OpenSSL 3 update changes behaviour back to be
closer to that of OpenSSL 1.1.1. Remove some instances
where we expected different errors from OpenSSL 3 versus
OpenSSL 1.1.1.

Signed-off-by: Michael Dawson <midawson@redhat.com>
@richardlau richardlau force-pushed the deps/update-openssl-to-openssl1.1.1n-v16.x branch from a661347 to bac3d3a Compare March 17, 2022 17:22
@nodejs-github-bot
Copy link
Collaborator

@richardlau
Copy link
Member

I repicked d37dceb and forced pushed which has made refs/pull/42352/head consistent with the branch:

$ git ls-remote upstream refs/pull/42352/head
bac3d3a979dc939f1a33072f8dacc6d93494fb79        refs/pull/42352/head

@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@richardlau
Copy link
Member

Landed in e10e4fd...c533b43.

@richardlau richardlau closed this Mar 17, 2022
richardlau pushed a commit that referenced this pull request Mar 17, 2022
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1n+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
richardlau pushed a commit that referenced this pull request Mar 17, 2022
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
richardlau pushed a commit that referenced this pull request Mar 17, 2022
Last OpenSSL 3 update changes behaviour back to be
closer to that of OpenSSL 1.1.1. Remove some instances
where we expected different errors from OpenSSL 3 versus
OpenSSL 1.1.1.

Signed-off-by: Michael Dawson <midawson@redhat.com>

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
@richardlau richardlau mentioned this pull request Mar 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file. fast-track PRs that do not need to wait for 48 hours to land. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants