Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

node@16: switch to openssl@3 #134564

Merged
merged 2 commits into from
Jun 22, 2023
Merged

node@16: switch to openssl@3 #134564

merged 2 commits into from
Jun 22, 2023

Conversation

chenrui333
Copy link
Member

See #134251.

@chenrui333
node@16: switch to openssl@3
c3f1183 
Signed-off-by: Rui Chen <rui@chenrui.dev>
@chenrui333 chenrui333 added openssl-3-migration Related to switching to an OpenSSL 3 dependency staging-branch-pr This pull request targets a *-staging branch. labels Jun 22, 2023
@github-actions github-actions bot added legacy Relates to a versioned @ formula long build Set a long timeout for formula testing icu4c ICU use is a significant feature of the PR or issue labels Jun 22, 2023
@chenrui333 chenrui333 mentioned this pull request Jun 22, 2023
Closed
@carlocab carlocab removed the long build Set a long timeout for formula testing label Jun 22, 2023
@fel1x-developer
Copy link
Contributor

fel1x-developer commented Jun 22, 2023
edited
Loading

https://nodejs.org/en/blog/vulnerability/openssl-november-2022

Node.js v17.x, v18.x, and v19.x use OpenSSL v3.
Node.js v18.x and v19.x will be updated to address this issue.
Support for Node.js v17.x ended in June 2022. It will not be updated. Please migrate to a supported version of Node.js.
Node.js 14.x and v16.x are not affected by this OpenSSL update.

node@14 and node@16 don't support openssl@3.

@carlocab
Copy link
Member

Thanks for the notice. Let's see if it'll build anyway... If not we can cross it off the list.

@p-linnane
Copy link
Member

Looks like it built and linked succesfully.

@github-actions
Copy link
Contributor

🤖 An automated task has requested bottles to be published to this PR.

@github-actions github-actions bot added the CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. label Jun 22, 2023
@github-actions github-actions bot added the long build Set a long timeout for formula testing label Jun 22, 2023
@BrewTestBot BrewTestBot merged commit 6a45e11 into Homebrew:openssl-migration-staging Jun 22, 2023
@spencerhakim
Copy link

spencerhakim commented Jul 5, 2023
edited
Loading

This actually broke some libraries. For example, if you're using a version of Webpack that defaults to using the md4 hash function, you end up getting a cryptic error. This is easily reproduced in the Node REPL:

> require('crypto').createHash('md4')
Uncaught Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:71:19)
    at Object.createHash (node:crypto:130:10) {
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Since it was pointed out that Node v16 was supposed to remain on OpenSSL v1.1.1 and not introduce breaking changes, this should probably be reverted.

After consideration, we have decided that the least risky option is to avoid the potential breaking change of an in-release OpenSSL switch and bring forward the End-of-Life date of Node.js 16 to be on the same day as the end of support of OpenSSL 1.1.1, September 11th, 2023.

@spencerhakim spencerhakim mentioned this pull request Jul 6, 2023
Closed
4 tasks
@github-actions github-actions bot added the outdated PR was locked due to age label Aug 5, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 5, 2023
@chenrui333 chenrui333 deleted the node@16-openssl3 branch January 22, 2024 14:27
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@carlocab carlocab carlocab approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
CI-published-bottle-commits The commits for the built bottles have been pushed to the PR branch. icu4c ICU use is a significant feature of the PR or issue legacy Relates to a versioned @ formula long build Set a long timeout for formula testing openssl-3-migration Related to switching to an OpenSSL 3 dependency outdated PR was locked due to age staging-branch-pr This pull request targets a *-staging branch.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@chenrui333 @fel1x-developer @carlocab @p-linnane @spencerhakim @BrewTestBot