deps: update openssl to 1.1.1e #32328
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
the
openssl
|
Thanks! This needs a few things:
EDIT: And just a note, this branch should be force-pushed after being updated (sometimes people close PRs and open new ones if they are not so familiar with github or git, but we prefer that not be done). |
Rebased, and pushed.
Done. The original second commit where I was modifying the scripts has been split and commit messages have been appropriately rewritten according to the guide.
I have split my configuration updates to a separate commit: deps: revised paths in scripts to reflect openssl version 1.1.1e |
|
You didn't rebase, you merged master into your local branch. Next time, do I would clean this up for you and force push, but it looks like you deselected that permission for me. If you look at the top of this PR, you'll see it has 47 commits in it! That's not right. Because of the multiple merging from master into your branch, you'd best do an interactive rebase:
In the interactive, delete all the lines that are commits that you did not write. There should be only three. Also, reorder them. After, the commits will look like: Note that last commit doesn't match the format in the guide: https://github.com/nodejs/node/blob/master/doc/guides/maintaining-openssl.md#1-obtain-and-extract-new-openssl-sources We aren't normally this nitpicky, but the openssl maintenance should match the guide, feel free to kick this back to me and/or give me write permissions on your branch if you'd like me to do the rebasing. |
If that was what was done, then there would only be a merge commit. What instead happened was that |
|
@sam-github acknowledged. |
sam-github
force-pushed
the
deps/update-openssl-to-1.1.1e
branch
4 times, most recently
from
f0cb169
to
aeeee06
Compare
|
Cleaned up and repushed. |
|
OK, needs one more commit to (at least) fix test.sequential/test-tls-psk-client? |
|
@sam-github thanks for the help |
|
@sam-github, I have fixed the test but the behavior displayed is a little awkward. |
hassaanp
force-pushed
the
deps/update-openssl-to-1.1.1e
branch
from
79f6755
to
5df62fc
Compare
|
I have pushed the code. Kindly review. |
|
Building 10.19.0 against shared openssl 1.1.1d i got an odd situation because tests ran against openssl 1.1.1e, and only one js test is failing: |
|
Still seeing lots of failures in CI on this. Would be very good for us to include this in the various releases that we have targeting next tuesday. Do folks need help with moving this forward so we can meet that timeline? We likely need backport PRs to test each release line |
Merged
sam-github
force-pushed
the
deps/update-openssl-to-1.1.1e
branch
from
5fb6391
to
c7c4fa1
Compare
|
Pushed a fix for test/parallel/test-tls-session-cache.js |
jasnell
reviewed
Mar 20, 2020
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1e.tar.gz
$ mv openssl-1.1.1e openssl
$ git add --all openssl
$ git commit openssl
The scripts used by make were modified to correctly reference the source files that were originially in crypto/include/internal, but got moved to include/crypto. The base path has been left unaltered since that would require too many changes
After an OpenSSL source update, all the config files need to be
regenerated and comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/include
This test was timing out after update to OpenSSL-1.1.1e.
In openssl-1.1.1e the client doesn't seem to like having the TLS connection shut down with no data sent, so send an empty string. A number of related issues showed up in the TLS1.3 port, so this is not entirely surprising.
BethGriggs
added a commit
that referenced
this pull request
Mar 26, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
codebytere
pushed a commit
that referenced
this pull request
Mar 30, 2020
This updates all sources in deps/openssl/openssl by:
$ cd deps/openssl/
$ rm -rf openssl
$ tar zxf ~/tmp/openssl-1.1.1e.tar.gz
$ mv openssl-1.1.1e openssl
$ git add --all openssl
$ git commit openssl
PR-URL: #32328
Fixes: #32210
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 30, 2020
The scripts used by make were modified to correctly reference the source files that were originially in crypto/include/internal, but got moved to include/crypto. The base path has been left unaltered since that would require too many changes PR-URL: #32328 Fixes: #32210 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 30, 2020
After an OpenSSL source update, all the config files need to be
regenerated and comitted by:
$ cd deps/openssl/config
$ make
$ git add deps/openssl/config/archs
$ git add deps/openssl/include
PR-URL: #32328
Fixes: #32210
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
codebytere
pushed a commit
that referenced
this pull request
Mar 30, 2020
In openssl-1.1.1e the client doesn't seem to like having the TLS connection shut down with no data sent, so send an empty string. A number of related issues showed up in the TLS1.3 port, so this is not entirely surprising. PR-URL: #32328 Fixes: #32210 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
BethGriggs
added a commit
that referenced
this pull request
Apr 3, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 6, 2020
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 7, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.7 (Lion). As binaries are still being compiled to support a minimum
of macOS 10.7 (Lion) we do not anticipate this having a negative impact
on Node.js 10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 7, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 8, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 8, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
BethGriggs
added a commit
that referenced
this pull request
Apr 14, 2020
macOS package notarization and a change in builder configuration
The macOS binaries for this release, and future 10.x releases, are now
being compiled on macOS 10.15 (Catalina) with Xcode 11 to support
package notarization, a requirement for installing .pkg files on macOS
10.15 and later. Previous builds of Node.js 10.x were compiled on macOS
10.10 (Yosemite) with a minimum deployment target of macOS 10.7 (Lion).
As binaries are still being compiled to support a minimum of macOS 10.7
(Lion) we do not anticipate this having a negative impact on Node.js
10.x users with older versions of macOS.
Notable changes:
- buffer: add {read|write}Big\[U\]Int64{BE|LE} methods (garygsc)
[#19691](#19691)
- build: macOS package notarization (Rod Vagg)
[#31459](#31459)
- deps:
- update npm to 6.14.3 (Myles Borins)
[#32368](#32368)
- upgrade openssl sources to 1.1.1e (Hassaan Pasha)
[#32328](#32328)
- upgrade to libuv 1.34.2 (cjihrig)
[#31477](#31477)
- n-api:
- add napi\_get\_all\_property\_names (himself65)
[#30006](#30006)
- add APIs for per-instance state management (Gabriel Schulhof)
[#28682](#28682)
- define release 6
[#32058](#32058)
- turn NAPI\_CALL\_INTO\_MODULE into a function (Anna Henningsen)
[#26128](#26128)
- tls:
- expose keylog event on TLSSocket (Alba Mendez)
[#27654](#27654)
- support TLS min/max protocol defaults in CLI (Sam Roberts)
[#27946](#27946)
- url: handle quasi-WHATWG URLs in urlToOptions() (cjihrig)
[#26226](#26226)
PR-URL: #31984
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesFixes: #32210