-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to OpenSSL-1.1.0i #22318
Upgrade to OpenSSL-1.1.0i #22318
Conversation
@nodejs/security-wg |
|
This updates all sources in deps/openssl/openssl with openssl-1.1.0i.
This is a floating patch against OpenSSL-1.1.0 to generate asm files with Makefile rules and it is to be submitted to the upstream. Fixes: nodejs#4270 PR-URL: nodejs#19794 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]> Reviewed-By: Michael Dawson <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files.
After upgradeing OpenSSL-1.1.0i, two tests are failed due to changes of error messages. Ref: openssl/openssl@45ae18b Ref: openssl/openssl@36d2517
0c8bc99
to
5143132
Compare
IIRC, shared-lib OpenSSL is observed particularly closely by @danbev? If so, maybe they have a standard way that they skip tests if the linked OpenSSL is outdated? Or maybe @build-infra needs to update that Jenkins host? |
@shigeki @Trott To update the OpenSSL versions in CI, these lines need to changed to point to the new version. I can take a look in a little bit |
This updates all sources in deps/openssl/openssl with openssl-1.1.0i. PR-URL: #22318 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: #22318 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
After upgradeing OpenSSL-1.1.0i, two tests are failed due to changes of error messages. Ref: openssl/openssl@45ae18b Ref: openssl/openssl@36d2517 PR-URL: #22318 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
We switched from using a shared OpenSSL to the one shipped with node a few months ago since our main deployment environment is a container. So we are no longer building with a shared OpenSSL and not discovering issues like we used to. |
This updates all sources in deps/openssl/openssl with openssl-1.1.0i. PR-URL: #22318 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: #22318 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
After upgradeing OpenSSL-1.1.0i, two tests are failed due to changes of error messages. Ref: openssl/openssl@45ae18b Ref: openssl/openssl@36d2517 PR-URL: #22318 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Rod Vagg <[email protected]>
This is in the 10.9.0 release that just went out, right? Should we fast-track landing it on |
👍 here to approve fast-tracking. This qualifies on the "unbreak CI" principle. The sharedlib host will fail CI until this lands, as I understand it. @refack |
Also after this lands, everyone will also need to rebase their PRs. |
Resume build: https://ci.nodejs.org/job/node-test-commit/20572/ |
Looks like this has already landed on master via 32902d0...19246de? |
Ah, landed twenty minutes ago. This should be closed, yes? |
This upgrades OpenSSL-1.1.0i.
test-crypto-scrypt.js
andtest-tls-passphrase.js
were failed due to the changes ofopenssl/openssl@45ae18b and openssl/openssl@36d2517. This PR includes the fix of the tests in 0c8bc990aec71111b9f8e3879444c1bd31065015.
Fixes: #22187
@nodejs/crypto
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes