[v16.x] deps: update openssl to OpenSSL 1.1.1n #42352
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
dependencies
richardlau
approved these changes
Mar 15, 2022
hassaanp
changed the title
hassaanp
changed the title
danielleadams
approved these changes
Mar 16, 2022
|
This needs a rebase to fix the self-signed certificate test failure. |
|
@hassaanp I think this needs a rebase with only the OpenSSL commits showing as new, versus including a merge commit as it currently is. |
This comment was marked as outdated.
This comment was marked as outdated.
This updates all sources in deps/openssl/openssl by:
$ git clone https://github.com/quictls/openssl
$ cd openssl
$ git checkout OpenSSL_1_1_1n+quic
$ cd ../node/deps/openssl
$ rm -rf openssl
$ cp -R ../openssl openssl
$ rm -rf openssl/.git* openssl/.travis*
$ git add --all openssl
$ git commit openssl
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
hassaanp
force-pushed
the
deps/update-openssl-to-openssl1.1.1n-v16.x
branch
from
0940cf4
to
390b462
Compare
|
@danielleadams if you are going to do build you should be able to cherry pick d37dceb it seemed to apply cleanly to me against 16 |
|
@mhdawson i have cherry picked the patch to the PR |
richardlau
added
request-ci
|
CI: |
richardlau
added
the
fast-track
|
Fast-track has been requested by @richardlau. Please 👍 to approve. |
|
CI: https://ci.nodejs.org/job/node-test-pull-request/43088/ (EDIT: wrong commit again, maybe due to GitHub outage?) |
github-actions
bot
removed
the
request-ci
|
Jenkins is refusing to build against the correct commit... and I think the problem may be on GitHub's side: instead of a661347 😕. |
Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <midawson@redhat.com>
richardlau
force-pushed
the
deps/update-openssl-to-openssl1.1.1n-v16.x
branch
from
a661347
to
bac3d3a
Compare
|
I repicked d37dceb and forced pushed which has made |
richardlau
approved these changes
Mar 17, 2022
|
Landed in e10e4fd...c533b43. |
richardlau
pushed a commit
that referenced
this pull request
Mar 17, 2022
This updates all sources in deps/openssl/openssl by:
$ git clone https://github.com/quictls/openssl
$ cd openssl
$ git checkout OpenSSL_1_1_1n+quic
$ cd ../node/deps/openssl
$ rm -rf openssl
$ cp -R ../openssl openssl
$ rm -rf openssl/.git* openssl/.travis*
$ git add --all openssl
$ git commit openssl
PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
richardlau
pushed a commit
that referenced
this pull request
Mar 17, 2022
After an OpenSSL source update, all the config files need to be
regenerated and committed by:
$ make -C deps/openssl/config
$ git add deps/openssl/config/archs
$ git add deps/openssl/openssl/include/crypto/bn_conf.h
$ git add deps/openssl/openssl/include/crypto/dso_conf.h
$ git add deps/openssl/openssl/include/openssl/opensslconf.h
$ git commit
PR-URL: #42352
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
richardlau
pushed a commit
that referenced
this pull request
Mar 17, 2022
Last OpenSSL 3 update changes behaviour back to be closer to that of OpenSSL 1.1.1. Remove some instances where we expected different errors from OpenSSL 3 versus OpenSSL 1.1.1. Signed-off-by: Michael Dawson <midawson@redhat.com> PR-URL: #42352 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
Merged
This was referenced Mar 18, 2022
26 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated openssl dep to openssl1.1.1n+quic using the maintenance guide.
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html