-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
todo: update to openssl 1.1.1e on March 17th #32210
Comments
Hey, I would like to help. I am currently running Ubuntu 18.04, but I can quickly spin off a Docker for CentOS7.1 or Ubuntu 16.04 for this. |
Update: |
@hassaanp what gives you the impression ubuntu 18.04 isn't perfectly adequate? I'm a bit concerned, is there something in the docs that suggests that? I run Ubuntu 19.10 myself, ATM, but it shouldn't matter. You can, btw, do a dry run right now, running through the steps, but using the 1.1.1d archive. Nothing will change, and obviously you won't PR the result, but you'll get a chance to see how the config process works. |
I will do the dry run as per your recommendation. In the requirements it is mentioned that only Centos 7.1 and Ubuntu 16 are tested. I assumed that is the general recommendation. |
Thanks, I just fixed that in #32209 |
I have successfully done a test run - the new version should be out in the next 6 hours. |
The update is still not available. Will recheck in an hour |
New version does not build cleanly. This is the error output when I run
The |
I will look. |
There is no openssl-1.1.1e: https://www.openssl.org/source/ I'm not clear what you were doing when you encountered the above. |
strange, I was able to pull in using |
I was able to fix the issue |
@sam-github |
I reproduced, but I'm not going to spend time looking at it until openssl-1.1.1e is released. For all we know, that's an internal rc, partially built, and missing files. |
The file is now officially available on their downloads page. Also received an email from them.
The same error was reproduced by downloading from the official release link. |
OK, sorry, openssl updates have been routine for a long time, and this one is not. I'll have to figure out what changed. |
openssl/openssl#9681 looks to be responsible. |
I have been able to build it successfully - currently running tests. |
one test failing
is this cause for concern? |
I have pushed the update so you can take a look at the changes I made in
One test is still failing as mentioned in my previous comment. |
I dug deeper into the test |
^-- above discussion should move to the PR, and a stand-alone commit that fixes the test would likely be needed. And yes, its an issue, PR can't land with test regressions. |
Aknowledged |
https://mta.openssl.org/pipermail/openssl-announce/2020-March/000166.html announced an upcoming OpenSSL release.
I normally do these, but if any other collaborator would like to get involved in the TLS maintenance, this is a good place to start.
The maintenance guide is pretty clear, but is moving, check the PR: #32209
If there is someone who would like to do this, please comment here, and I'll be available to help if needed. If not, I'll do it.
EDIT: and note that we are currently floating a patch, but that won't be necessary after this upcoming update:
The text was updated successfully, but these errors were encountered: