Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix OpenSSL3 #206

Merged
merged 2 commits into from
Jul 4, 2022
Merged

Fix OpenSSL3 #206

merged 2 commits into from
Jul 4, 2022

Conversation

sjaeckel
Copy link
Member

This fixes builds against OpenSSL 3.

@sjaeckel sjaeckel requested a review from pasis May 16, 2022 12:53
pasis
pasis approved these changes May 16, 2022
View reviewed changes
Copy link
Member

@pasis pasis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no experience with providers, so I cannot check the idea itself, but the change looks good.

src/tls_openssl.c Outdated Show resolved Hide resolved
src/tls_openssl.c Outdated Show resolved Hide resolved
@sjaeckel sjaeckel force-pushed the fix-openssl3 branch 8 times, most recently from caa7e02 to 3180037 Compare May 18, 2022 05:32
@nosnilmot
Copy link
Contributor

Please do not load the legacy provider by default in a library, that defeats the purpose of deprecating legacy algorithms in the first place.
Is this just required to pass the test that fails because the example PFX certificate is using RC2-40-CBC? #208 has an alternative fix for that issue by replacing the PFX with one using AES-256-CBC instead.

@sjaeckel
Copy link
Member Author

Please do not load the legacy provider by default in a library, that defeats the purpose of deprecating legacy algorithms in the first place.
Is this just required to pass the test that fails because the example PFX certificate is using RC2-40-CBC? #208 has an alternative fix for that issue by replacing the PFX with one using AES-256-CBC instead.

That's a very valid point which I didn't take into account. I'll update this PR accordingly when I have the time

@sjaeckel sjaeckel force-pushed the fix-openssl3 branch 2 times, most recently from 91193e7 to 47d3841 Compare July 4, 2022 16:08
@sjaeckel sjaeckel requested review from pasis and removed request for pasis July 4, 2022 16:08
@sjaeckel
also run CI tests with OpenSSL 3.0
9577253 
... and extend build matrix of libressl.

Most of those new libressl build jobs are marked as `continue: true` since
either they don't build or they cause memory leaks (3.5/OPENBSD_7_1)
The `OPENBSD_X_Y` branches are also marked like that since they will
evolve and maybe break at a later point in time. Currently they represent
the buildable versions of their respective releases (3.3.6 resp. 3.4.3).

Also change CI distro to ubuntu-22.04 as using OpenSSL 3 on 20.04 fails.

Signed-off-by: Steffen Jaeckel <[email protected]>
@sjaeckel
disable some LibreSSL builds
4d15f1d 
Signed-off-by: Steffen Jaeckel <[email protected]>
@sjaeckel sjaeckel force-pushed the fix-openssl3 branch 2 times, most recently from 7f0a117 to 4d15f1d Compare July 4, 2022 18:15
@sjaeckel sjaeckel merged commit 4d15f1d into master Jul 4, 2022
@sjaeckel sjaeckel deleted the fix-openssl3 branch July 4, 2022 21:12
@sjaeckel sjaeckel added this to the 0.12.1 milestone Jul 11, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pasis pasis pasis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.12.1
Development

Successfully merging this pull request may close these issues.
3 participants
@sjaeckel @nosnilmot @pasis