Skip to content

[v16.x] deps: update openssl to OpenSSL 1.1.1n#42352

Closed
hassaanp wants to merge 3 commits intonodejs:v16.x-stagingfrom
hassaanp:deps/update-openssl-to-openssl1.1.1n-v16.x
Closed

[v16.x] deps: update openssl to OpenSSL 1.1.1n#42352
hassaanp wants to merge 3 commits intonodejs:v16.x-stagingfrom
hassaanp:deps/update-openssl-to-openssl1.1.1n-v16.x

Conversation

@hassaanp
Copy link
Contributor

@hassaanp hassaanp commented Mar 15, 2022

Updated openssl dep to openssl1.1.1n+quic using the maintenance guide.

Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html

@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. v16.x labels Mar 15, 2022
@hassaanp hassaanp changed the title [v16.x] update to OpenSSL 1.1.1n [v16.x] deps: update to OpenSSL 1.1.1n Mar 15, 2022
@hassaanp hassaanp changed the title [v16.x] deps: update to OpenSSL 1.1.1n [v16.x] deps: update openssl to OpenSSL 1.1.1n Mar 15, 2022
@aduh95
Copy link
Contributor

aduh95 commented Mar 16, 2022

This needs a rebase to fix the self-signed certificate test failure.

@mhdawson
Copy link
Member

mhdawson commented Mar 16, 2022

@hassaanp I think this needs a rebase with only the OpenSSL commits showing as new, versus including a merge commit as it currently is.

@danielleadams

This comment was marked as outdated.

Sign in to view
hassaanp added 2 commits March 17, 2022 05:26
@hassaanp
deps: upgrade openssl sources to OpenSSL_1_1_1n
0b01551 
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1n+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl
@hassaanp
deps: update archs files for OpenSSL-1.1.1
390b462 
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit
@hassaanp hassaanp force-pushed the deps/update-openssl-to-openssl1.1.1n-v16.x branch from 0940cf4 to 390b462 Compare March 17, 2022 00:28
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43077/

@mhdawson
Copy link
Member

mhdawson commented Mar 17, 2022

@hassaanp Looks like 16.x will need d37dceb cherry picked as well because we have some testing against OpenSSL 3.x with shared libraryies.

@mhdawson
Copy link
Member

mhdawson commented Mar 17, 2022
edited
Loading

@danielleadams if you are going to do build you should be able to cherry pick d37dceb it seemed to apply cleanly to me against 16

@hassaanp
Copy link
Contributor Author

hassaanp commented Mar 17, 2022

@mhdawson i have cherry picked the patch to the PR

@richardlau richardlau added request-ci Add this label to start a Jenkins CI on a PR. and removed request-ci Add this label to start a Jenkins CI on a PR. labels Mar 17, 2022
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022
edited by aduh95
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/43086/ https://ci.nodejs.org/job/node-test-pull-request/43087/ (both target the wrong commit 390b462 instead of a661347)

@richardlau richardlau added the fast-track PRs that do not need to wait for 48 hours to land. label Mar 17, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Mar 17, 2022

Fast-track has been requested by @richardlau. Please 👍 to approve.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022
edited by aduh95
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/43088/ (EDIT: wrong commit again, maybe due to GitHub outage?)

@aduh95 aduh95 added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 17, 2022
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43089/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43091/

@richardlau
Copy link
Member

richardlau commented Mar 17, 2022

Jenkins is refusing to build against the correct commit... and I think the problem may be on GitHub's side:

$ git ls-remote upstream refs/pull/42352/head
390b462da9ce7a7d81c17fc1b31862defd10a148        refs/pull/42352/head

instead of a661347 😕.

@mhdawson @richardlau
test: fix tests affected by OpenSSL update
bac3d3a 
Last OpenSSL 3 update changes behaviour back to be
closer to that of OpenSSL 1.1.1. Remove some instances
where we expected different errors from OpenSSL 3 versus
OpenSSL 1.1.1.

Signed-off-by: Michael Dawson <midawson@redhat.com>
@richardlau richardlau force-pushed the deps/update-openssl-to-openssl1.1.1n-v16.x branch from a661347 to bac3d3a Compare March 17, 2022 17:22
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43094/

@richardlau
Copy link
Member

richardlau commented Mar 17, 2022

I repicked d37dceb and forced pushed which has made refs/pull/42352/head consistent with the branch:

$ git ls-remote upstream refs/pull/42352/head
bac3d3a979dc939f1a33072f8dacc6d93494fb79        refs/pull/42352/head

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43096/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Mar 17, 2022

CI: https://ci.nodejs.org/job/node-test-pull-request/43098/

@richardlau
Copy link
Member

richardlau commented Mar 17, 2022

Landed in e10e4fd...c533b43.

@richardlau richardlau closed this Mar 17, 2022
richardlau pushed a commit that referenced this pull request Mar 17, 2022
@hassaanp @richardlau
deps: upgrade openssl sources to OpenSSL_1_1_1n
7a6a870 
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1n+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
richardlau pushed a commit that referenced this pull request Mar 17, 2022
@hassaanp @richardlau
deps: update archs files for OpenSSL-1.1.1
3924618 
 After an OpenSSL source update, all the config files need to be
 regenerated and committed by:
    $ make -C deps/openssl/config
    $ git add deps/openssl/config/archs
    $ git add deps/openssl/openssl/include/crypto/bn_conf.h
    $ git add deps/openssl/openssl/include/crypto/dso_conf.h
    $ git add deps/openssl/openssl/include/openssl/opensslconf.h
    $ git commit

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
richardlau pushed a commit that referenced this pull request Mar 17, 2022
@mhdawson @richardlau
test: fix tests affected by OpenSSL update
c533b43 
Last OpenSSL 3 update changes behaviour back to be
closer to that of OpenSSL 1.1.1. Remove some instances
where we expected different errors from OpenSSL 3 versus
OpenSSL 1.1.1.

Signed-off-by: Michael Dawson <midawson@redhat.com>

PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
@richardlau richardlau mentioned this pull request Mar 17, 2022
Merged
This was referenced Mar 18, 2022
Open
Open
Open
Open
Open
Open
Open
Open
@github-actions github-actions bot mentioned this pull request Mar 26, 2022
Open
26 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@richardlau richardlau richardlau approved these changes

+1 more reviewer

@danielleadams danielleadams danielleadams approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file. fast-track PRs that do not need to wait for 48 hours to land. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@hassaanp @aduh95 @mhdawson @danielleadams @nodejs-github-bot @richardlau