[v10.x backport] Update openssl1.1.1a #26270
Commits on Feb 28, 2019
tls: add min/max protocol version options
The existing secureProtocol option only allows setting the allowed protocol to a specific version, or setting it to "all supported versions". It also used obscure strings based on OpenSSL C API functions. Directly setting the min or max is easier to use and explain.
Backport-PR-URL: nodejs#24676
PR-URL: nodejs#24405
Reviewed-By: Refael Ackermann
Reviewed-By: Rod Vagg
Commit be6a3a1
doc: fix REPLACEME for tls min/max protocol option
Fill in correct pr-url: value in the YAML changelog that was missing from f512f5e. The stanza was also sorted in the wrong order, most recent is supposed to be in the beginning of the changes, not the end.
PR-URL: nodejs#24759
Reviewed-By: Richard Lau
Reviewed-By: Luigi Pinca
Commit 8e4a622
deps: upgrade openssl sources to 1.1.1a
This updates all sources in deps/openssl/openssl with openssl-1.1.1a.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit 39d09ce
deps: fix gyp/gypi for openssl-1.1.1
Some of the defines and cppflags in the build config of OpenSSL-1.1.1 were moved to new attributes. Gyp and gypi file generation needs to be fixed to include them.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit e8b39cf
deps: fix MacOS and Win build for OpenSSL-1.1.1
Because llvm on MacOS does not support AVX-512, asm files need to be limited to AVX-2 support even when they are generated on Linux. fake_gcc.pl returns the fake llvm banner version for MacOS as if the assembler supports up to AVX-2. For Windows, makefiles for nmake were updated in OpenSSL-1.1.1 and they are rewritten into GNU makefile format by hand.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit af05709
deps: add s390 asm rules for OpenSSL-1.1.1
This is a floating patch against OpenSSL-1.1.1 to generate asm files with Makefile rules.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit 08cf226
deps: add only avx2 configs for OpenSSL-1.1.1
OpenSSL-1.1.1 has new support of AVX-512 but AVX-2 asm files still need to be generated for the older assembler support to keep backward compatibility.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit 0cf96fb
deps: fix for non GNU assembler in AIX
AIX has its own assembler, not GNU as, that does not support --noexecstack.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit 87ff9f7
doc: fix assembler requirement for OpenSSL-1.1.1
Add new requirements of assembler version for AVX-512 support in OpenSSL-1.1.1.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit eb3470a
deps: update archs files for OpenSSL-1.1.1a
`cd deps/openssl/config; make` updates all archs dependent files.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit 312dcc3
tls: workaround handshakedone in renegotiation
`SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called when sending HelloRequest in OpenSSL-1.1.1. We need to check whether this is in a renegotiation state or not.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit 6be596d
test: assert on client and server side separately
This gets better coverage of the code, and is more explicit. It also works around ordering differences in the errors produced by openssl. The approach was tested with 1.1.0 and 1.1.1, as well as TLSv1.2 vs TLSv1.3. OpenSSL 1.1.0 is relevant when node is built against a shared openssl.
PR-URL: nodejs#25381
Reviewed-By: Daniel Bevenius
Reviewed-By: Shigeki Ohtsu
Backport-PR-URL: nodejs#25688
Commit d502073