Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: update OpenSSL to 3.0.16 #57335

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

deps: update OpenSSL to 3.0.16 #57335

wants to merge 3 commits into from

Conversation

nodejs-github-bot
Copy link
Collaborator

This is an automated update of OpenSSL to 3.0.16.

@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. openssl Issues and PRs related to the OpenSSL dependency. labels Mar 5, 2025
@nodejs-github-bot
Copy link
Collaborator Author

Review requested:

  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added the needs-ci PRs that need a full CI run. label Mar 5, 2025
@richardlau richardlau mentioned this pull request Mar 5, 2025
Closed
@richardlau richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 5, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 5, 2025
@nodejs-github-bot
Copy link
Collaborator Author

CI: https://ci.nodejs.org/job/node-test-pull-request/65592/

ananasik365

This comment was marked as spam.

Sign in to view

lpinca
lpinca approved these changes Mar 7, 2025
View reviewed changes
Copy link
Member

@lpinca lpinca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RSLGTM

@jasnell
Copy link
Member

jasnell commented Mar 7, 2025

So I know, is this updating to the mainline OpenSSL or is this still the quictls fork?

@richardlau
Copy link
Member

richardlau commented Mar 7, 2025
edited
Loading

So I know, is this updating to the mainline OpenSSL or is this still the quictls fork?

Mainline OpenSSL. It is the result of running the GitHub OpenSSL update workflow after landing #57301.

@jasnell
Copy link
Member

jasnell commented Mar 8, 2025
edited
Loading

Note that the maintaining openssl doc will need to be updated also, as that still refers to the quictls fork. I've started locally trying to see how well openssl 3.5 builds. So far I've run into one issue with comp.h.in not generating. ... ok, yeah, as expected there are a number of updates that need to be made to the build files for 3.5 to build. Several new header templates to generate, other headers and impl files that have moved around.

@panva
Copy link
Member

panva commented Mar 8, 2025
edited
Loading

Note that the maintaining openssl doc will need to be updated also, as that still refers to the quictls fork. I've started locally trying to see how well openssl 3.5 builds. So far I've run into one issue with comp.h.in not generating. ... ok, yeah, as expected there are a number of updates that need to be made to the build files for 3.5 to build. Several new header templates to generate, other headers and impl files that have moved around.

Really? I've built and installed 3.5 from main and built/linked it to Node.js with 0 issues just a couple days ago. Warnings many, errors 0. macOS here, only ran tools/test.py -J crypto webcrypto tho

@jasnell
Copy link
Member

jasnell commented Mar 8, 2025

Interesting. What process did you use for updating? I'm trying from master and it's just not building

@panva
Copy link
Member

panva commented Mar 8, 2025

Interesting. What process did you use for updating? I'm trying from master and it's just not building

  • cloned openssl, configure, make, make install
  • in node ./configure --shared-openssl --shared-openssl-includes=/usr/local/include --shared-openssl-libpath=/usr/local/lib --node-builtin-modules-path $(pwd) --ninja and make
./node -p process.versions.openssl
3.5.0-dev

➜  node git:(main) tools/test.py -J crypto webcrypto 
[00:07|% 100|+ 135|-   0]: Done                                               

All tests passed.

@panva
Copy link
Member

panva commented Mar 8, 2025

Granted first I tried just copying the openssl repo to deps but that has failed spectacularly.

@jasnell
Copy link
Member

jasnell commented Mar 8, 2025

Ok yeah, I was going the "official" route with deps and that was... A big fail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ananasik365 ananasik365 ananasik365 left review comments

@panva panva panva approved these changes

@lpinca lpinca lpinca approved these changes

@richardlau richardlau richardlau approved these changes

@RafaelGSS RafaelGSS RafaelGSS approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. openssl Issues and PRs related to the OpenSSL dependency.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@nodejs-github-bot @jasnell @richardlau @panva @lpinca @RafaelGSS @marco-ippolito @ananasik365