Upgrade to OpenSSL-1.1.0i #22318
Upgrade to OpenSSL-1.1.0i #22318
Conversation
shigeki
added
test
nodejs-github-bot
added
the
openssl
|
@nodejs/security-wg |
|
|
This updates all sources in deps/openssl/openssl with openssl-1.1.0i.
This is a floating patch against OpenSSL-1.1.0 to generate asm files with Makefile rules and it is to be submitted to the upstream. Fixes: nodejs#4270 PR-URL: nodejs#19794 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
`cd deps/openssl/config; make` updates all archs dependant files.
After upgradeing OpenSSL-1.1.0i, two tests are failed due to changes of error messages. Ref: openssl/openssl@45ae18b Ref: openssl/openssl@36d2517
shigeki
force-pushed
the
upgrade_openssl110i
branch
from
0c8bc99
to
5143132
Compare
IIRC, shared-lib OpenSSL is observed particularly closely by @danbev? If so, maybe they have a standard way that they skip tests if the linked OpenSSL is outdated? Or maybe @build-infra needs to update that Jenkins host? |
|
@shigeki @Trott To update the OpenSSL versions in CI, these lines need to changed to point to the new version. I can take a look in a little bit |
This updates all sources in deps/openssl/openssl with openssl-1.1.0i. PR-URL: #22318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: #22318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
After upgradeing OpenSSL-1.1.0i, two tests are failed due to changes of error messages. Ref: openssl/openssl@45ae18b Ref: openssl/openssl@36d2517 PR-URL: #22318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
We switched from using a shared OpenSSL to the one shipped with node a few months ago since our main deployment environment is a container. So we are no longer building with a shared OpenSSL and not discovering issues like we used to. |
This updates all sources in deps/openssl/openssl with openssl-1.1.0i. PR-URL: #22318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
`cd deps/openssl/config; make` updates all archs dependant files. PR-URL: #22318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
After upgradeing OpenSSL-1.1.0i, two tests are failed due to changes of error messages. Ref: openssl/openssl@45ae18b Ref: openssl/openssl@36d2517 PR-URL: #22318 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>
|
This is in the 10.9.0 release that just went out, right? Should we fast-track landing it on |
|
👍 here to approve fast-tracking. This qualifies on the "unbreak CI" principle. The sharedlib host will fail CI until this lands, as I understand it. @refack |
|
Also after this lands, everyone will also need to rebase their PRs. |
|
Resume build: https://ci.nodejs.org/job/node-test-commit/20572/ |
|
Looks like this has already landed on master via 32902d0...19246de? |
|
Ah, landed twenty minutes ago. This should be closed, yes? |
This upgrades OpenSSL-1.1.0i.
test-crypto-scrypt.jsandtest-tls-passphrase.jswere failed due to the changes ofopenssl/openssl@45ae18b and openssl/openssl@36d2517. This PR includes the fix of the tests in 0c8bc990aec71111b9f8e3879444c1bd31065015.
Fixes: #22187
@nodejs/crypto
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes