Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support openssl 3.0 #359

Closed
pravi opened this issue Apr 4, 2022 · 6 comments
Closed

Support openssl 3.0 #359

pravi opened this issue Apr 4, 2022 · 6 comments

Comments

@pravi
Copy link

pravi commented Apr 4, 2022

In debian, we already moved to openssl 3.0 (via ruby 3.0) and ruby-webauthn no longer work. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005444 Please add support for openssl 3.0

Between openssl is included with ruby, so I wonder if you need to specify it explicitly.
@pravi
Copy link
Author

pravi commented Apr 4, 2022

https://github.com/ruby/openssl/blob/master/History.md#compatibility-notes has list of incompatible changes.

@loqs
Copy link

loqs commented Apr 5, 2022
edited
Loading

@pravi it is not possible with the current openssl ruby gem as the link you provided notes 'Deprecate the ability to modify OpenSSL::PKey::PKey instances'. Modification includes creating a key with a set value. See also #324 (comment)
If you revert ruby/openssl@5e2e66c and ruby/openssl@8ee6a58 then updated this gem to allow openssl 3.0 you would have support provided a PKey is never modified once set. The code would allow its modification but internally all that would be changed is a cached copy of the key which would no longer match the actual value in use.
Once ruby/openssl@bac56c5 or something else that allows creating a PKey with a set value is merged into the openssl gem it can be used by webauthn-ruby and cose and OpenSSL 3.0 can be supported.
Edit:
ruby/openssl#498 mentions a work around using ASN.1 representation see also cedarcode/cose-ruby#61

@nov nov mentioned this issue Apr 19, 2022
Closed
@ClearlyClaire
Copy link
Contributor

Yes, the API changed to make some structures immutable without offering a convenient way to build them. This can be worked around using other representations, such as ASN.1, which I have proposed for a few dependencies:

Unfortunately, I had no reaction from anyone maintaining those gems, so this is kind of stalled so far.

@brauliomartinezlm
Copy link
Member

brauliomartinezlm commented May 20, 2022
edited
Loading

@ClearlyClaire I'm so sorry for the delay on my side to follow up on these PRs. I've been quite busy for the last few months. I'll be paying attention to them and the one you opened for this gem shortly.

I'm fully aware OpenSSL 3 support is becoming a problem for a lot of people using this gem.

@brauliomartinezlm
Copy link
Member

This has been address by all the amazing contributions from @ClearlyClaire. Apologies for the delay on processing them 🙏 . I'm closing this issue now that webauthn 2.5.2 has been released with support for openssl 3

@paul-oms
Copy link

Thank you so much @brauliomartinezlm @ClearlyClaire - I was battling all day with a dependency conflict for OpenSSL 3 on a new dev machine and an app with this gem, and then today I woke up to a new version of Webauthn that fixes it. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ClearlyClaire @pravi @brauliomartinezlm @loqs @paul-oms