Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansible: update OpenSSL 3.0 to use quictls/openssl #2613

Merged
merged 2 commits into from
Apr 26, 2021
Merged

ansible: update OpenSSL 3.0 to use quictls/openssl #2613

merged 2 commits into from
Apr 26, 2021

Conversation

danbev
Copy link
Contributor

@danbev danbev commented Apr 8, 2021

This commit update the version of OpenSSL 3.0 to use the quictls/openssl
fork. This for will be used until upstream OpenSSL includes support for
the QUIC protocol. At that point we can switch back to using upstream
again.

@danbev danbev mentioned this pull request Apr 8, 2021
Closed
richardlau
richardlau reviewed Apr 8, 2021
View reviewed changes
ansible/roles/docker/templates/ubuntu1804_sharedlibs.Dockerfile.j2 Outdated
@@ -58,7 +58,7 @@ ENV OPENSSL300DIR /opt/openssl-3.0.0

RUN mkdir -p /tmp/openssl_3.0.0 && \
cd /tmp/openssl_3.0.0 && \
curl -sL https://www.openssl.org/source/openssl-3.0.0-alpha13.tar.gz | tar zxv --strip=1 && \
curl -sL https://github.com/quictls/openssl/archive/refs/tags/openssl-3.0.0-alpha13.tar.gz | tar zxv --strip=1 && \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this contain the quic patches?

https://github.com/quictls/openssl/releases/tag/openssl-3.0.0-alpha13 points to quictls/openssl@88df2c0 and I don't see any of the quic commits in https://github.com/quictls/openssl/commits/openssl-3.0.0-alpha13 (compared to https://github.com/quictls/openssl/commits/openssl-3.0.0-alpha13+quic).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought they would be included but perhaps they are not. I'll take a closer look. And yes we should hold off a day or tow so that we can update to alpha14 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it alright to use git clone instead?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Go for it 😄

@richardlau
Copy link
Member

FWIW the OpenSSL project released 3.0.0-alpha14 today: https://mta.openssl.org/pipermail/openssl-announce/2021-April/000199.html
We could wait a day or two for the fork to catch up.

@rvagg
Copy link
Member

rvagg commented Apr 9, 2021
edited
Loading

btw I've just updated to alpha14 on the containers and there seems to be a couple of broken TLS tests -- for some reason the curl <openssl> | tar was broken even though I could make it work locally, something about "contents not gzip", so I just bumped the version and it ran again but it means we have a new version in the containers. PR coming soon but I've been working on getting the cross-compile containers working properly which is why I needed this fixed.

@danbev
Copy link
Contributor Author

danbev commented Apr 9, 2021

@rvagg About the failing tests, I'm seeing two failure which are test-crypto-dh-stateless.js and test-crypto-dh.js. Are those the same failures you've run into?

@richardlau
Copy link
Member

@danbev those are the two tests failing in the CI: https://ci.nodejs.org/job/node-test-commit-linux-containered/26389/nodes=ubuntu1804_sharedlibs_openssl300_x64/

@danbev
Copy link
Contributor Author

danbev commented Apr 9, 2021

@richardlau I've got a fix for one of then and I can skip the other until I've sorted it out. Should I create PRs against master for them?

@richardlau
Copy link
Member

@danbev Yes, please do.

@richardlau richardlau mentioned this pull request Apr 9, 2021
Merged
@danbev danbev mentioned this pull request Apr 9, 2021
Closed
@danbev
ansible: update OpenSSL 3.0 to use quictls/openssl
417f5d9 
This commit update the version of OpenSSL 3.0 to use the quictls/openssl
fork. This for will be used until upstream OpenSSL includes support for
the QUIC protocol. At that point we can switch back to using upstream
again.
@danbev danbev force-pushed the update_openssl3_quic branch from dd5a000 to 417f5d9 Compare April 13, 2021 11:18
@danbev
Copy link
Contributor Author

danbev commented Apr 13, 2021

@richardlau The latest commit here is using git to clone [email protected]:quictls/openssl.git and the default branch is openssl-3.0.0-alpha14+quic which migth be nice for us so that we don't have to update it manually (hopefully). Would this work do you think?

@richardlau
Copy link
Member

@danbev I think so. I'll try to get #2607 applied and merged first and then look at this one.

@danbev
Copy link
Contributor Author

danbev commented Apr 13, 2021

I'll try to get #2607 applied and merged first and then look at this one.

Awesome, thanks!

This was referenced Apr 23, 2021
Closed
Closed
@richardlau
Copy link
Member

Deployed this (with openssl3.0.0-alpha14+quic) to the docker hosts and started a test build: https://ci.nodejs.org/job/node-test-commit-linux-containered/26738/nodes=ubuntu1804_sharedlibs_openssl300_x64/

@richardlau richardlau merged commit f4fe95d into nodejs:master Apr 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richardlau richardlau richardlau approved these changes

@AshCripps AshCripps AshCripps approved these changes

Assignees
No one assigned
Labels
ansible
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@danbev @richardlau @rvagg @AshCripps