deps: update openssl to OpenSSL 3.0.2 #42356

hassaanp · 2022-03-16T05:07:36Z

Updated openssl dep to openssl-3.0.2+quic using the maintenance guide.

Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html

This updates all sources in deps/openssl/openssl by: $ git clone [email protected]:quictls/openssl.git $ cd openssl $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit

Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <[email protected]>

hassaanp · 2022-03-16T05:10:09Z

@mhdawson @richardlau
As per your suggestions, I have opened a PR against master and also cherry-picked the fix for the tests.
I hope this looks good.

RaisinTen · 2022-03-16T06:40:07Z

1.1.1n -> 3.0.2 in the PR title?

github-actions · 2022-03-16T11:53:39Z

Fast-track has been requested by @richardlau. Please 👍 to approve.

aduh95 · 2022-03-16T12:49:24Z

node/doc/contributing/collaborator-guide.md

Lines 513 to 514 in a199387

    
           All commits should be self-contained, meaning every commit should pass all 
        
           tests. This makes it much easier when bisecting to find a breaking change.

Looking at d37dceb, it looks like tests would not be passing for e06c733 and/or 3361921. Should we add a first commit to disable the failing test (before the OpenSSL update) and re-enable it in a follow up commit?

richardlau · 2022-03-16T12:51:54Z

node/doc/contributing/collaborator-guide.md

Lines 513 to 514 in a199387

All commits should be self-contained, meaning every commit should pass all

tests. This makes it much easier when bisecting to find a breaking change.

Looking at d37dceb, it looks like tests would not be passing for e06c733 and/or 3361921. Should we add a first commit to disable the failing test (before the OpenSSL update) and re-enable it in a follow up commit?

This is a tricky one for OpenSSL because as long as I can remember we've always split the OpenSSL updates into two commits, one to update the sources and a second to regen the config files, and the first commit isn't buildable without the second. I've no preference either way regarding the test in the third commit.

aduh95

RSLGTM

richardlau · 2022-03-16T12:57:01Z

I'm currently refreshing the CI machines to update the sharedlibs containers to OpenSSL 3.0.2 to fix the failing linked-openssl300 build.

RaisinTen

RSLGTM

mhdawson

LGTM

mhdawson · 2022-03-16T16:15:39Z

This is a tricky one for OpenSSL because as long as I can remember we've always split the OpenSSL updates into two commits, one to update the sources and a second to regen the config files, and the first commit isn't buildable without the second. I've no preference either way regarding the test in the third commit.

I think we might want to adjust the text saying all commits must pass all tests, for something like an OpenSSL update I see value in them being separate in terms of understanding/being able to recreate. A PR to update the text would be a good place to have that discussion and see if we want to update the OpenSSL patch generation process but that should not be part of getting the security releases out.

nodejs-github-bot · 2022-03-16T18:16:40Z

CI: https://ci.nodejs.org/job/node-test-pull-request/43073/

nodejs-github-bot · 2022-03-16T22:51:26Z

CI: https://ci.nodejs.org/job/node-test-pull-request/43075/

nodejs-github-bot · 2022-03-17T10:14:58Z

Landed in f4b7f6d...f1b6d87

This updates all sources in deps/openssl/openssl by: $ git clone [email protected]:quictls/openssl.git $ cd openssl $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

This updates all sources in deps/openssl/openssl by: $ git clone [email protected]:quictls/openssl.git $ cd openssl $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

This updates all sources in deps/openssl/openssl by: $ git clone [email protected]:quictls/openssl.git $ cd openssl $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: nodejs#42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit PR-URL: nodejs#42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#42356 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000217.html Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Michael Dawson <[email protected]>

hassaanp and others added 3 commits March 16, 2022 04:49

deps: update archs files for quictls/openssl-3.0.2+quic

3361921

After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl $ git commit

test: fix tests affected by OpenSSL update

d37dceb

Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <[email protected]>

nodejs-github-bot added dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency. labels Mar 16, 2022

hassaanp changed the title ~~deps: update openssl to OpenSSL 1.1.1n~~ deps: update openssl to OpenSSL 3.0.2 Mar 16, 2022

richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 16, 2022

This comment was marked as outdated.

Sign in to view

richardlau approved these changes Mar 16, 2022

View reviewed changes

richardlau added fast-track PRs that do not need to wait for 48 hours to land. commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. labels Mar 16, 2022

richardlau mentioned this pull request Mar 16, 2022

test,crypto: add and update empty passphrase regression tests #42319

Merged

aduh95 added dont-land-on-v12.x labels Mar 16, 2022

aduh95 approved these changes Mar 16, 2022

View reviewed changes

RaisinTen approved these changes Mar 16, 2022

View reviewed changes

This comment was marked as outdated.

Sign in to view

tniessen approved these changes Mar 16, 2022

View reviewed changes

mhdawson approved these changes Mar 16, 2022

View reviewed changes

github-actions bot mentioned this pull request Mar 17, 2022

CI Reliability 2022-03-17 nodejs/reliability#223

Open

38 tasks

aduh95 mentioned this pull request Mar 17, 2022

deps: upgrade to libuv 1.44.2 #42340

Closed

aduh95 added the commit-queue Add this label to land a pull request using GitHub Actions. label Mar 17, 2022

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Mar 17, 2022

nodejs-github-bot closed this Mar 17, 2022

richardlau mentioned this pull request Mar 17, 2022

v17.7.2 proposal #42381

Merged

This was referenced May 30, 2022

deps: update OpenSSL 3.0.3+quic #43022

Closed

deps: add template for generated headers #42616

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

deps: update openssl to OpenSSL 3.0.2 #42356

deps: update openssl to OpenSSL 3.0.2 #42356

Uh oh!

hassaanp commented Mar 16, 2022

Uh oh!

hassaanp commented Mar 16, 2022

Uh oh!

RaisinTen commented Mar 16, 2022

Uh oh!

This comment was marked as outdated.

github-actions bot commented Mar 16, 2022

Uh oh!

aduh95 commented Mar 16, 2022 •

edited

Loading

Uh oh!

richardlau commented Mar 16, 2022

Uh oh!

aduh95 left a comment

Uh oh!

richardlau commented Mar 16, 2022 •

edited

Loading

Uh oh!

RaisinTen left a comment

Uh oh!

This comment was marked as outdated.

This comment was marked as outdated.

mhdawson left a comment

Uh oh!

mhdawson commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 17, 2022

Uh oh!

Uh oh!

Uh oh!

deps: update openssl to OpenSSL 3.0.2 #42356

deps: update openssl to OpenSSL 3.0.2 #42356

Uh oh!

Conversation

hassaanp commented Mar 16, 2022

Uh oh!

hassaanp commented Mar 16, 2022

Uh oh!

RaisinTen commented Mar 16, 2022

Uh oh!

This comment was marked as outdated.

github-actions bot commented Mar 16, 2022

Uh oh!

aduh95 commented Mar 16, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

richardlau commented Mar 16, 2022

Uh oh!

aduh95 left a comment

Choose a reason for hiding this comment

Uh oh!

richardlau commented Mar 16, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

RaisinTen left a comment

Choose a reason for hiding this comment

Uh oh!

This comment was marked as outdated.

This comment was marked as outdated.

mhdawson left a comment

Choose a reason for hiding this comment

Uh oh!

mhdawson commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 16, 2022

Uh oh!

nodejs-github-bot commented Mar 17, 2022

Uh oh!

Uh oh!

aduh95 commented Mar 16, 2022 •

edited

Loading

richardlau commented Mar 16, 2022 •

edited

Loading