Support openssl 3 (Fixes: #100) #101
Conversation
The openssl API introduced some breaking changes which are fixed by this commit. For more information about those changes check this out: https://github.com/ruby/openssl/blob/master/History.md#version-300 Co-authored-by: Sergio Durigan Junior <sergiodj@ubuntu.com>
|
Cc @sergiodj |
|
@nov will you have time to take a look at this PR any time soon? The CI jobs are failing but it seems unrelated to the changes, it is a failure when cloning a submodule. I'd recommend to also test it with Ubuntu 22.04 to make sure it is working fine with OpenSSL 3. |
|
Can't we wait for openssl gem to add better interface so that we don't need such low level code here? |
|
@nov do you have any information if openssl gem maintainers are planning to do what you are expecting? I just checked their git repo and I do not see many changes in that direction. AFAIU the maintainers just tried to follow the API changes applied by the openssl lib maintainers. In net-ssh gem, we proposed a similar patch set and it was merged by them. Please let me know if you have some information that I am not aware of. I do not want to leave json-jwt gem broken in Ubuntu 22.04 for too long, so it would be great if we could reach a consensus. TIA! |
|
I'm waiting openssl gem introduce new interface for key params setters as described here. |
|
@nov the openssl PR you linked was already merged, so I think the maintainers are not planning to provide a different interface (I also did not find any WIP PR regarding a change in the key's API). The changes I am proposing here are compliant with that. I do not think that changes here are too low level, the thing is that now we need to use the ASN1 data structure to set the values before creating a key because it is immutable now. |
|
@nov could you please revisit the comments here? |
|
What I expect is something like |
|
Is there any news on this? We migrated to Ubuntu 22.04 which caused our OIDC implementation to fail due to this incompatibility. |
|
Hum, no progress on openssl gem side. |
|
never mind. I do rebase and merge on my side at #102 |
|
BTW, if you know the way to let travis test against openssl3, pull requests for that is very helpful not to break openssl 3 compatibility unexpectedly in future. |
|
@nov Travis seems to use an ancient Ubuntu version. I opened a pull request which adds test against Ruby 3.1 on Ubuntu 22.04 (which uses OpenSSL3) using GitHub Actions. |
|
thanks! |
The openssl API introduced some breaking changes which are fixed by this
commit. For more information about those changes check this out:
https://github.com/ruby/openssl/blob/master/History.md#version-300
Co-authored-by: Sergio Durigan Junior sergiodj@ubuntu.com
With the proposed changes all tests are passing with OpenSSL 3. You can easily test it in a system running Ubuntu 22.04 which has OpenSSL 3 as the default.