Skip to content

doc: doc-only deprecate OpenSSL engine-based APIs#53329

Merged
nodejs-github-bot merged 1 commit intonodejs:mainfrom
richardlau:deprecate_openssl_engines
Jun 7, 2024
Merged

doc: doc-only deprecate OpenSSL engine-based APIs#53329
nodejs-github-bot merged 1 commit intonodejs:mainfrom
richardlau:deprecate_openssl_engines

Conversation

@richardlau
Copy link
Member

@richardlau richardlau commented Jun 4, 2024
edited
Loading

OpenSSL 3 deprecated support for custom engines with a recommendation to switch to its new provider model.
The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jun 4, 2024

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Jun 4, 2024
@avivkeller avivkeller added crypto Issues and PRs related to the crypto subsystem. openssl Issues and PRs related to the OpenSSL dependency. and removed crypto Issues and PRs related to the crypto subsystem. labels Jun 4, 2024
@avivkeller
Copy link
Member

avivkeller commented Jun 4, 2024

(ignore the crypto label, oops)

avivkeller
avivkeller reviewed Jun 4, 2024
View reviewed changes
avivkeller
avivkeller approved these changes Jun 4, 2024
View reviewed changes
Copy link
Member

@avivkeller avivkeller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

I'm not a core-collaborator, so this is non-blocking/approving

@richardlau
Copy link
Member Author

richardlau commented Jun 4, 2024
edited
Loading

In terms of timeframes, https://mta.openssl.org/pipermail/openssl-users/2023-November/016852.html from last November indicated that since OpenSSL now follows semver, the earliest OpenSSL could remove the engine API is OpenSSL 4 for which there is no plan for when that would be released.

There is no date set for that yet. Not even roughly. The earliest
release where the engine API can be removed is 4.0 but there was no
decision on when that version is going to be released and it was not
even decided which of the deprecated APIs are going to be removed in
4.0.

The functions deprecated in 3.0 will remain supported in 3.0 until
2026-09-07. If there is any further 3.x version designated as LTS, it
will give the lifetime of these APIs at least further five years. But
it wasn't decided yet whether there will be another 3.x version
designated as LTS.

Anyone building Node.js themselves today and linking to OpenSSL 3 configured with no-engine would not have OpenSSL engine support available and will get the documented ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED error when trying to use a Node.js API that depends on OpenSSL engine support.

tniessen
tniessen approved these changes Jun 4, 2024
View reviewed changes
Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doc-only deprecation is fine by me, as long as nobody moves this towards a runtime deprecation for no reason. We should definitely try to better accommodate OpenSSL 3 providers.

@richardlau richardlau added the notable-change PRs with changes that should be highlighted in changelogs. label Jun 4, 2024
@github-actions
Copy link
Contributor

github-actions bot commented Jun 4, 2024

The notable-change PRs with changes that should be highlighted in changelogs. label has been added by @richardlau.

Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section.

VoltrexKeyva
VoltrexKeyva reviewed Jun 4, 2024
View reviewed changes
@richardlau
doc: doc-only deprecate OpenSSL engine-based APIs
91390c2 
OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.
@richardlau richardlau force-pushed the deprecate_openssl_engines branch from 28ea741 to 91390c2 Compare June 4, 2024 17:59
@richardlau richardlau changed the title doc: doc-only deprecate OpenSSL engine based APIs doc: doc-only deprecate OpenSSL engine-based APIs Jun 4, 2024
@richardlau richardlau added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue Add this label to land a pull request using GitHub Actions. labels Jun 5, 2024
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 7, 2024
@nodejs-github-bot nodejs-github-bot merged commit 5291b0e into nodejs:main Jun 7, 2024
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jun 7, 2024

Landed in 5291b0e

@richardlau richardlau deleted the deprecate_openssl_engines branch June 11, 2024 16:09
targos pushed a commit that referenced this pull request Jun 20, 2024
@richardlau @targos
doc: doc-only deprecate OpenSSL engine-based APIs
df47627 
OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.

PR-URL: #53329
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
eliphazbouye pushed a commit to eliphazbouye/node that referenced this pull request Jun 20, 2024
@richardlau @eliphazbouye
doc: doc-only deprecate OpenSSL engine-based APIs
494d7ae 
OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.

PR-URL: nodejs#53329
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
bmeck pushed a commit to bmeck/node that referenced this pull request Jun 22, 2024
@richardlau @bmeck
doc: doc-only deprecate OpenSSL engine-based APIs
326f515 
OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.

PR-URL: nodejs#53329
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos added a commit that referenced this pull request Jun 25, 2024
@targos
2024-06-26, Version 22.4.0 (Current)
8efb279 
Notable changes:

deps,lib,src:
  * (SEMVER-MINOR) add experimental web storage (Colin Ihrig) #52435
doc:
  * move `node --run` stability to rc (Yagiz Nizipli) #53433
  * mark WebSocket as stable (Matthew Aitken) #53352
  * mark --heap-prof and related flags stable (Joyee Cheung) #53343
  * mark --cpu-prof and related flags stable (Joyee Cheung) #53343
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
lib:
  * (SEMVER-MINOR) add diagnostics_channel events to module loading (RafaelGSS) #44340
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53583
@targos targos mentioned this pull request Jun 25, 2024
Merged
targos added a commit that referenced this pull request Jun 26, 2024
@targos
2024-06-26, Version 22.4.0 (Current)
e7e7e93 
Notable changes:

deps,lib,src:
  * (SEMVER-MINOR) add experimental web storage (Colin Ihrig) #52435
doc:
  * move `node --run` stability to rc (Yagiz Nizipli) #53433
  * mark WebSocket as stable (Matthew Aitken) #53352
  * mark --heap-prof and related flags stable (Joyee Cheung) #53343
  * mark --cpu-prof and related flags stable (Joyee Cheung) #53343
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
lib:
  * (SEMVER-MINOR) add diagnostics_channel events to module loading (RafaelGSS) #44340
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53583
targos added a commit that referenced this pull request Jul 1, 2024
@targos
2024-07-02, Version 22.4.0 (Current)
7e13cc5 
Notable changes:

deps,lib,src:
  * (SEMVER-MINOR) add experimental web storage (Colin Ihrig) #52435
doc:
  * move `node --run` stability to rc (Yagiz Nizipli) #53433
  * mark WebSocket as stable (Matthew Aitken) #53352
  * mark --heap-prof and related flags stable (Joyee Cheung) #53343
  * mark --cpu-prof and related flags stable (Joyee Cheung) #53343
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
lib:
  * (SEMVER-MINOR) add diagnostics_channel events to module loading (RafaelGSS) #44340
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53583
targos added a commit that referenced this pull request Jul 2, 2024
@targos
2024-07-02, Version 22.4.0 (Current)
056f055 
Notable changes:

deps,lib,src:
  * (SEMVER-MINOR) add experimental web storage (Colin Ihrig) #52435
doc:
  * move `node --run` stability to rc (Yagiz Nizipli) #53433
  * mark WebSocket as stable (Matthew Aitken) #53352
  * mark --heap-prof and related flags stable (Joyee Cheung) #53343
  * mark --cpu-prof and related flags stable (Joyee Cheung) #53343
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
lib:
  * (SEMVER-MINOR) add diagnostics_channel events to module loading (RafaelGSS) #44340
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53583
@Karliz24 Karliz24 mentioned this pull request Jul 9, 2024
Open
marco-ippolito pushed a commit that referenced this pull request Jul 19, 2024
@richardlau @marco-ippolito
doc: doc-only deprecate OpenSSL engine-based APIs
dfbbbc4 
OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.

PR-URL: #53329
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito pushed a commit that referenced this pull request Jul 19, 2024
@richardlau @marco-ippolito
doc: doc-only deprecate OpenSSL engine-based APIs
3445c08 
OpenSSL 3 deprecated support for custom engines with a recommendation
to switch to its new provider model.

PR-URL: #53329
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
marco-ippolito added a commit that referenced this pull request Jul 19, 2024
@marco-ippolito
2024-07-24, Version 20.16.0 'Iron' (LTS)
1bfed56 
Notable changes:

buffer:
  * (SEMVER-MINOR) add .bytes() method to Blob (Matthew Aitken) #53221
doc:
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
  * (SEMVER-MINOR) add context.assert docs (Colin Ihrig) #53169
  * (SEMVER-MINOR) improve explanation about built-in modules (Joyee Cheung) #52762
  * add StefanStojanovic to collaborators (StefanStojanovic) #53118
  * add Marco Ippolito to TSC (Rafael Gonzaga) #53008
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
net:
  * (SEMVER-MINOR) add new net.server.listen tracing channel (Paolo Insogna) #53136
process:
  * (SEMVER-MINOR) add process.getBuiltinModule(id) (Joyee Cheung) #52762
src,permission:
  * (SEMVER-MINOR) --allow-wasi & prevent WASI exec (Rafael Gonzaga) #53124
test_runner:
  * (SEMVER-MINOR) add context.fullName (Colin Ihrig) #53169
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: TODO
@marco-ippolito marco-ippolito mentioned this pull request Jul 19, 2024
Merged
marco-ippolito added a commit that referenced this pull request Jul 19, 2024
@marco-ippolito
2024-07-24, Version 20.16.0 'Iron' (LTS)
7d0c53d 
Notable changes:

buffer:
  * (SEMVER-MINOR) add .bytes() method to Blob (Matthew Aitken) #53221
doc:
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
  * (SEMVER-MINOR) add context.assert docs (Colin Ihrig) #53169
  * (SEMVER-MINOR) improve explanation about built-in modules (Joyee Cheung) #52762
  * add StefanStojanovic to collaborators (StefanStojanovic) #53118
  * add Marco Ippolito to TSC (Rafael Gonzaga) #53008
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
net:
  * (SEMVER-MINOR) add new net.server.listen tracing channel (Paolo Insogna) #53136
process:
  * (SEMVER-MINOR) add process.getBuiltinModule(id) (Joyee Cheung) #52762
src,permission:
  * (SEMVER-MINOR) --allow-wasi & prevent WASI exec (Rafael Gonzaga) #53124
test_runner:
  * (SEMVER-MINOR) add context.fullName (Colin Ihrig) #53169
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53945
marco-ippolito added a commit that referenced this pull request Jul 21, 2024
@marco-ippolito
2024-07-24, Version 20.16.0 'Iron' (LTS)
5f9c968 
Notable changes:

buffer:
  * (SEMVER-MINOR) add .bytes() method to Blob (Matthew Aitken) #53221
doc:
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
  * (SEMVER-MINOR) add context.assert docs (Colin Ihrig) #53169
  * (SEMVER-MINOR) improve explanation about built-in modules (Joyee Cheung) #52762
  * add StefanStojanovic to collaborators (StefanStojanovic) #53118
  * add Marco Ippolito to TSC (Rafael Gonzaga) #53008
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
net:
  * (SEMVER-MINOR) add new net.server.listen tracing channel (Paolo Insogna) #53136
process:
  * (SEMVER-MINOR) add process.getBuiltinModule(id) (Joyee Cheung) #52762
src,permission:
  * (SEMVER-MINOR) --allow-wasi & prevent WASI exec (Rafael Gonzaga) #53124
test_runner:
  * (SEMVER-MINOR) add context.fullName (Colin Ihrig) #53169
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53945
marco-ippolito added a commit that referenced this pull request Jul 21, 2024
@marco-ippolito
2024-07-24, Version 20.16.0 'Iron' (LTS)
1968ef3 
Notable changes:

buffer:
  * (SEMVER-MINOR) add .bytes() method to Blob (Matthew Aitken) #53221
doc:
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
  * (SEMVER-MINOR) add context.assert docs (Colin Ihrig) #53169
  * (SEMVER-MINOR) improve explanation about built-in modules (Joyee Cheung) #52762
  * add StefanStojanovic to collaborators (StefanStojanovic) #53118
  * add Marco Ippolito to TSC (Rafael Gonzaga) #53008
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
net:
  * (SEMVER-MINOR) add new net.server.listen tracing channel (Paolo Insogna) #53136
process:
  * (SEMVER-MINOR) add process.getBuiltinModule(id) (Joyee Cheung) #52762
src,permission:
  * (SEMVER-MINOR) --allow-wasi & prevent WASI exec (Rafael Gonzaga) #53124
test_runner:
  * (SEMVER-MINOR) add context.fullName (Colin Ihrig) #53169
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53945
marco-ippolito added a commit that referenced this pull request Jul 24, 2024
@marco-ippolito
2024-07-24, Version 20.16.0 'Iron' (LTS)
7a6185d 
Notable changes:

buffer:
  * (SEMVER-MINOR) add .bytes() method to Blob (Matthew Aitken) #53221
doc:
  * doc-only deprecate OpenSSL engine-based APIs (Richard Lau) #53329
  * (SEMVER-MINOR) add context.assert docs (Colin Ihrig) #53169
  * (SEMVER-MINOR) improve explanation about built-in modules (Joyee Cheung) #52762
  * add StefanStojanovic to collaborators (StefanStojanovic) #53118
  * add Marco Ippolito to TSC (Rafael Gonzaga) #53008
inspector:
  * fix disable async hooks on Debugger.setAsyncCallStackDepth (Joyee Cheung) #53473
net:
  * (SEMVER-MINOR) add new net.server.listen tracing channel (Paolo Insogna) #53136
process:
  * (SEMVER-MINOR) add process.getBuiltinModule(id) (Joyee Cheung) #52762
src,permission:
  * (SEMVER-MINOR) --allow-wasi & prevent WASI exec (Rafael Gonzaga) #53124
test_runner:
  * (SEMVER-MINOR) add context.fullName (Colin Ihrig) #53169
util:
  * (SEMVER-MINOR) support `--no-` for argument with boolean type for parseArgs (Zhenwei Jin) #53107

PR-URL: #53945
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lpinca lpinca lpinca approved these changes

@tniessen tniessen tniessen approved these changes

@avivkeller avivkeller avivkeller approved these changes

@VoltrexKeyva VoltrexKeyva VoltrexKeyva approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. doc Issues and PRs related to the documentations. notable-change PRs with changes that should be highlighted in changelogs. openssl Issues and PRs related to the OpenSSL dependency.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@richardlau @nodejs-github-bot @avivkeller @lpinca @tniessen @VoltrexKeyva