-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for OpenSSL 3 #106
base: master
Are you sure you want to change the base?
Conversation
Hi! Any response on getting this merged? |
lgtm, @ClearlyClaire any response from @zaru on getting this merged? |
+1 for this, it would be useful to have this update merged (and most importantly having this merged before support for previous openssl versions is dropped...) |
I am looking at the code line by line and in general seems good to me. However I have some doubts about the use of For example here's another implementation (less code, high-level, widely used in production) of I wonder if we can keep something like that in OpenSSL 3 - I would feel more confident. |
Are these changes necessary at all? Please try to use this https://github.com/pushpad/web-push (v2.0.0) and simply update the openssl version in the .gemspec to v3:
Then run Maybe is it because the |
Ok, the gem version (e.g. v3) can be different from the underlying C library. For example openssl gem v3 is still compatible with C library v1.1. The breaking change seems related to updating the underlying C library to v3, not the gem, which can be updated to v3. For the breaking changes caused by the C library, it seems that the Ruby core team is working on some workarounds at the gem level: Maybe that will make all these changes to this gem unnecessary (???) |
Good catch. The result is the same and it works on OpenSSL 3. Pushed the change. |
@ClearlyClaire Great! I wonder if it's possible to use a similar, high-level approach also for |
@collimarco, We have switched to web-push, version 2.1.0 and the error still persists. https://github.com/decidim/decidim/actions/runs/3648589265/jobs/6162187603 |
@alecslupu the Pushpad fork already supports openssl v3 (the ruby gem), but still uses openssl v1.1 (the C library). I also want to add support for OpenSSL v3 (C library) soon, but at the moment the official Ruby docker images still use C library v1.1, so we are ok with that. My main doubt with the code in this pull request is if we really need to go low-level (e.g. using |
I totally understand the concern. I can confirm that the patch proposed in this PR, works okay for apps using OpenSSL v3 (C library). I can confirm that Pushpad version is working fine with OpenSSL 3 gem having OpenSSL v1.1 (the C library), yet it fails when used with V3 C library. |
@collimarco are you considering merging this in your fork? That would be a reason, at least for me, to move to it. |
This is the same PR sent to the original and adjusted for this fork See zaru/webpush#106 Co-authored-by: Claire <claire.github-309c@sitedethib.com>
I have just released web-push v3.0 which is compatible with both OpenSSL v1.1 and OpenSSL v3 🎉 Note: in order to use that gem you need to use |
- The previous gem, `webpush` was last updated a while ago. Also, with the recent ruby upgrade, we needed a fix for zaru/webpush#106. Hence switching to the `web-push` gem where the issues are fixed.
I replaced the |
I can also confirm that renaming the gem from |
Move to web-push gem to fix OpenSSL 3.0 error. zaru/webpush#106 Fix various failing tests.
Starting form OpenSSL 3, PKey aren't mutable anymore, so we have to build them instead of separately setting
private_key
andpublic_key
.