-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
deps: update openssl to openssl1.1.1k+quic #37916
deps: update openssl to openssl1.1.1k+quic #37916
Conversation
d41048a
to
6e20276
Compare
This updates all sources in deps/openssl/openssl by: $ git clone https://github.com/quictls/openssl $ cd openssl $ git checkout OpenSSL_1_1_1k+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences .travis-create-release.sh $ cd .. $ git add --all openssl $ git commit openssl
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit
6e20276
to
16da9a7
Compare
Manually verified 16da9a7 (tree All changes are legit. |
Thank you so much @hassaanp for putting this together :-) ... saved me part of my afternoon yesterday! |
Can someone give estimates on when this will be included in the existing LTS versions? |
It would be helpful if someone could open a PR to update openssl (from the original openssl project and not the quic fork) for the LTS staging branches as this PR isn't applicable to those versions. |
@richardlau should it not just be the same PR minus the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
No, since for master we've switched upstream OpenSSL to https://github.com/quictls/openssl whereas the older release lines keep upstream to the official OpenSSL releases. We're not talking about quic support in Node.js here (as I understand it, that hasn't been added back yet) -- the |
@richardlau in the discussion around the switch my understanding is that the https://github.com/quictls/openssl should always be exactly the same as what is in the openssl repo EXCEPT for the addition of that one extra commit. That was a key point (at least for me) as to why it would not require a bunch of extra work to support. @jasnell can you please confirm? Key thing is to understand if we'll need 2 PRs for every openSSL update (1 for master and 1 for LTS versions) |
For the downlevel branches, the openssl update should continue to come from the main openssl/openssl release distribution as it has in the past. The quictls/openssl distribution is only for master now and possibly 16.x assuming it picks it up from master. The quictls/openssl branch will always be exactly the same as what is in the official repo + multiple additional commits necessary to add the QUIC support. Those additional bits, however, are built by default and must be explicitly turned off, and the older Node.js release lines do not have the necessary guards to do so. Therefore, @richardlau is correct, we need separate PRS for the other release lines that are pulled from openssl/openssl |
Are the maintainers working on addressing this, or is the expectation that someone from the community will make those proposals? |
v14.x in #37938 |
v12.x in #37939 |
v10.x in #37940 |
This updates all sources in deps/openssl/openssl by: $ git clone https://github.com/quictls/openssl $ cd openssl $ git checkout OpenSSL_1_1_1k+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences .travis-create-release.sh $ cd .. $ git add --all openssl $ git commit openssl PR-URL: #37916 Fixes: #37913 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37916 Fixes: #37913 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Landed in 30fe4ed...f638d8d |
Thanks for the contribution :) |
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz $ mv openssl-1.1.1k openssl $ git add --all openssl $ git commit openssl PR-URL: nodejs#37938 Refs: nodejs#37913 Refs: nodejs#37916 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: nodejs#37938 Refs: nodejs#37913 Refs: nodejs#37916 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This updates all sources in deps/openssl/openssl by: $ cd deps/openssl/ $ rm -rf openssl $ tar zxf ~/tmp/openssl-1.1.1k.tar.gz $ mv openssl-1.1.1k openssl $ git add --all openssl $ git commit openssl PR-URL: #37939 Refs: #37913 Refs: #37916 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37939 Refs: #37913 Refs: #37916 Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
This updates all sources in deps/openssl/openssl by: $ git clone https://github.com/quictls/openssl $ cd openssl $ git checkout OpenSSL_1_1_1k+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ cd openssl && rm -rf .gitattributes .github/ .gitmodules .travis-apt-pin.preferences .travis-create-release.sh $ cd .. $ git add --all openssl $ git commit openssl PR-URL: #37916 Fixes: #37913 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37916 Fixes: #37913 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
After an OpenSSL source update, all the config files need to be regenerated and committed by: $ make -C deps/openssl/config $ git add deps/openssl/config/archs $ git add deps/openssl/openssl/include/crypto/bn_conf.h $ git add deps/openssl/openssl/include/crypto/dso_conf.h $ git add deps/openssl/openssl/include/openssl/opensslconf.h $ git commit PR-URL: #37940 Refs: #37913 Refs: #37916 Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Updated openssl dep to openssl1.1.1k+quic using the maintenance guide.
Fixes: #37913