Upgrade to OpenSSL-1.1.0h #19794

Closed
shigeki wants to merge 11 commits into nodejs:master from shigeki:upgrade_openssl110h

@shigeki
Contributor

shigeki commented Apr 4, 2018

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

This has very big patches due to the source updates from OpenSSL-1.0.2o to 1.1.0h and generated asm files, which do not need to be reviewed in this PR.

To make the differences easier for reviewers to see, I made two branches in which those changes are removed. Please refer to the branch diffs below when reviewing, since they have just several thousand KB of diffs.

shigeki/node@raw_upgrade_openssl110h...shigeki:no_archfiles_upgrade_openssl110h

Note that this has a new build requirement of an assembler for asm support. In particular, nasm, which is required by OpenSSL, is needed to build on Windows. Please refer to 9e38498 for details.

CC @nodejs/crypto @nodejs/tsc

The following is the description written in deps/openssl/README.md


This has a new binding scheme in building OpenSSL-1.1.0 library with
Node.js. OpenSSL-1.1.0 uses a new build system with perl for various
supported platforms. See openssl/Configurations/README and
openssl/Configurations/README.design in the OpenSSL source for
details.

In order to build OpenSSL library without perl in the build of Node.js
for various supported platforms, platform dependent files (e.g. asm
and header files) are pre-generated and stored into the
config/archs directory.

  • config/Makefile and config/generate_gypi.pl

    Makefile has supported platform list and generates and copies
    platform dependent files (e.g. asm files) into arch directory with
    generate.pl. Platform dependent gypi files are also created obtaining
    build information from configdata.pm that is generated with
    Configure in the OpenSSL build system.

    For Windows, Configure generates makefile that is only available to
    nmake command. config/Makefile_VC-WIN32 and
    config/Makefile_VC-WIN64A are created by hand for the use of
    GNU make. If make rules or targets are changed in the version up of
    OpenSSL, they should be also updated.

  • gyp and gypi files (openssl*.{gyp,gypi})

    openssl.gyp has two targets of openssl and openssl-cli referred
    from node.gyp. They include asm and no_asm gypi files with arch
    dependent gypi according to its build options and platforms. The
    gyp data which is common with asm and no_asm are stored in
    openssl_common.gypi.

  • header files (config/*.{h,h.tmpl})

    bn_conf.h, dso_conf.h and opensslconf.h are platform dependent
    in the OpenSSL sources. They are replaced with config/*.h.tmpl
    files to include the file in the ../../../config/ and referred to
    each arch files that depends on asm and no-asm option.

Supported architectures for use of ASM

Here is a list of supported architectures for use of ASM in OpenSSL.

--dest-os  --dest-cpu  OpenSSL target arch   CI
aix        ppc         aix-gcc               o
aix        ppc64       aix64-gcc             o
linux      ia32        linux-elf             o
linux      x32         linux-x32             -
linux      x64         linux-x86_64          o
linux      arm         linux-armv4           o
linux      arm64       linux-aarch64         o
linux      ppc         linux-ppc             o
linux      ppc64       linux-ppc64           o
linux      ppc64       linux-ppc64le         o
linux      s390        linux32-s390x         o
linux      s390x       linux64-s390x         o
mac        ia32        darwin-i386-cc        -
mac        x64         darwin64-x86-cc       o
win        ia32        VC-WIN32              -
win        x64         VC-WIN64A             o
solaris    ia32        solaris-x86-gcc       o
solaris    x64         solaris64-x86_64-gcc  o
freebsd    ia32        BSD-x86               -
freebsd    x64         BSD-x86_64            o
openbsd    ia32        BSD-x86               -
openbsd    x64         BSD-x86_64            -
others     others      linux-elf             -

These are listed in config/Makefile.
Please refer to config/opensslconf_asm.h for details.

Upgrading OpenSSL

Please refer to config/README.md.

shigeki added the semver-major and openssl labels Apr 4, 2018
nodejs-github-bot added the build, doc and openssl labels Apr 4, 2018
shigeki force-pushed the upgrade_openssl110h branch from cea6e02 to d4ab4a0 April 4, 2018 13:36
doc/api/tls.md Outdated
Contributor

It seems the new hash needs to be #Dealing-with-Protocol-Methods

Contributor Author

Fixed the hash link. I resolved some conflicts but it needs one more fix. Fixed in 9cf8473b2c75f043f81cf82785d43b4e03dda967

BUILDING.md Outdated
Contributor

asssember -> assembler

Contributor Author

Fixed in 07d5ac52ee66ada4e4a716edb0d4880360b122d6.

BUILDING.md Outdated
Contributor

more higher -> higher

Contributor Author

ditto.

Contributor

builing -> building

Contributor Author

Fixed in cb6aee5a3d8201fb656a8e971b3741d85976a9d0.

Contributor

perl -> Perl?

Contributor Author

ditto.

Contributor

perl -> Perl?

Contributor Author

ditto.

Contributor

platforms . -> platforms.

Contributor Author

Fixed.

Contributor

openssl_common.gypi -> `openssl_common.gypi`?

Contributor Author

Fixed.

Contributor

each arch files -> each arch file?

Contributor Author

Fixed.

Contributor

I do not see (node_byteoder: little) in the rendered table. Should it be there? Is it parsed as a hidden comment?

Contributor Author

This is a note. I fixed it as a footnote.

Contributor

) . -> ).

Contributor Author

Fixed.

@vsemozhetbyt
Contributor

Are there any more docs to review except doc/api/crypto.md, doc/api/tls.md, BUILDING.md, and deps/openssl/README.md?

Should deps/openssl/doc/UPGRADING.md and deps/openssl/config/README.md be reviewed or are they upstream docs?

@shigeki
Contributor Author

shigeki commented Apr 4, 2018

@vsemozhetbyt Thanks for fixing my English. Please review deps/openssl/config/README.md. deps/openssl/doc/UPGRADING.md was removed.

@shigeki
Contributor Author

shigeki commented Apr 4, 2018

CI of https://ci.nodejs.org/job/node-test-pull-request/14044/ will be fine except ubuntu1604_sharedlibs_openssl102_x64. It is to be fixed in nodejs/build#1210.

Contributor

vsemozhetbyt commented Apr 4, 2018

It is not in the table still:

https://github.com/shigeki/node/blob/cb6aee5a3d8201fb656a8e971b3741d85976a9d0/deps/openssl/README.md#supported-architectures-for-use-of-asm

Maybe it should be placed in a cell or its own column should be added?

Contributor Author

Sorry, I failed to view and check the markdown. Fixed to include it in the cell in f8cdc0f.

Contributor

vsemozhetbyt left a comment

Sorry for nits)

Contributor

enviroment -> environment

Contributor Author

Fixed.

Contributor

as -> `as`

Contributor Author

Fixed.

Contributor

sources. -> sources for consistency with other headings?

Contributor Author

Fixed.

Contributor

Get a new source... and extract them

-> Get a new source... and extract all files?
or
-> Get new source files... and extract them?

Contributor Author

Fixed. My choice is the former.

Contributor

OpenSS -> OpenSSL

Contributor Author

Fixed.

Contributor

sources files -> source files?

Contributor Author

Fixed.

Contributor

the these -> these

Contributor Author

Fixed.

Contributor

4. -> 5.

Commits -> Commit?

Contributor Author

Fixed.

Contributor

Updates -> Update or This updates?

Contributor Author

Fixed. My choice is the former.

Contributor

run test it -> run tests or test it?

Contributor Author

Fixed. My choice is the former.

Member

jasnell left a comment

rubber-stamp LGTM

@rvagg
Member

rvagg commented Apr 5, 2018

@shigeki so I take it from nodejs/build#1210 that you're not able to maintain backward compatibility with 1.0.2? As per nodejs/TSC#479 the hope was that we would maintain the ability to still compile against 1.0.2 in the same way that Node 8/9 can compile against 1.1.0 now. The problem is going to be with Linux distros that insist on dynamically compiling OpenSSL against what they ship, so if they don't ship OpenSSL 1.1.0 then they won't be able to ship Node 10. I'm not sure which distros, if any, that is actually going to impact, however.

rvagg mentioned this pull request Apr 5, 2018

@shigeki
Contributor Author

shigeki commented Apr 5, 2018

@rvagg It is possible to be compatible with both 1.0.2 and 1.1.0 at this moment. But I am pessimistic about maintaining it until the EOLS of 1.0.2 at the end of 2019 unless we keep freezing new features of OpenSSL-1.1.x. Node 8/9 could do it since we did not add any new crypto/tls features specific to 1.1.0. I fear that we will lose the chance to remove support for 1.0.2 in Node 10 in the future.

If it needs a large discussion, I can make it backward compatible with 1.0.2 in this PR and submit a separate PR or issue to remove 1.0.2 support.

@rvagg
Member

rvagg commented Apr 5, 2018

If it's not too much work I'd like to see 1.0.2 support maintained @shigeki. I think liberal use of "this feature is not supported by 1.0.2" runtime errors is fine so we can move forward embracing 1.1.x features and just make them not available to builds against 1.0.2, similar to how we've handled FIPS and how others have handled LibreSSL support.

@bnoordhuis @indutny could either of you weigh in on this? Perhaps it's just not worth it and we should make a clean break?

@kapouer are you available to offer an opinion here since you have a foot in the dynamic linking camp? If Node 10 goes out with no ability to compile against 1.0.2 how many yelps are we going to hear?
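
The runtime gating rvagg proposes above, sketched as an added example (it is not code from this PR or from Node.js core): features that need OpenSSL 1.1.x fail with an explicit "not supported by" error when the binary is linked against 1.0.2. The feature table, the function names and the error code are assumptions made for illustration.

```javascript
'use strict';
// Added example, not code from this PR or from Node.js core.
// Gate features on the OpenSSL version the binary is linked against and fail
// with an explicit "not supported by <version>" error at call time.

// Pre-3.0 OpenSSL versions look like "1.0.2o" or "1.1.0h": three numeric
// fields plus optional patch letters (a..z, then za, zb, ...). Build tags
// such as "-fips" or "+quic" may follow; they are ignored for ordering, so
// a pre-release tag compares equal to the release it precedes.
function parseOpenSSLVersion(str) {
  const m = /^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:[-+].*)?$/.exec(String(str));
  if (m === null) throw new TypeError(`unrecognized OpenSSL version: ${str}`);
  let patch = 0; // '' -> 0, 'a' -> 1, ..., 'z' -> 26, 'za' -> 27
  for (const ch of m[4]) patch += ch.charCodeAt(0) - 96;
  return [Number(m[1]), Number(m[2]), Number(m[3]), patch];
}

// Returns -1, 0 or 1, comparing field by field (major, minor, fix, patch).
function compareOpenSSLVersions(a, b) {
  const x = parseOpenSSLVersion(a);
  const y = parseOpenSSLVersion(b);
  for (let i = 0; i < x.length; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Hypothetical feature table: feature name -> first OpenSSL release with it.
const FEATURE_MIN_VERSION = new Map([
  ['chacha20-poly1305', '1.1.0'],
  ['x25519', '1.1.0'],
  ['tlsv1.3', '1.1.1'],
]);

// Throws when the linked OpenSSL is too old for the feature, else returns true.
function assertFeatureSupported(feature, linked = process.versions.openssl) {
  const min = FEATURE_MIN_VERSION.get(feature);
  if (min === undefined) throw new RangeError(`unknown feature: ${feature}`);
  if (compareOpenSSLVersions(linked, min) < 0) {
    const err = new Error(
      `${feature} is not supported by OpenSSL ${linked} (requires ${min} or later)`);
    err.code = 'ERR_EXAMPLE_OPENSSL_FEATURE'; // made-up code, not a Node.js error code
    throw err;
  }
  return true;
}

// Lists the gated features that a build against `linked` would expose.
function supportedFeatures(linked = process.versions.openssl) {
  return [...FEATURE_MIN_VERSION.keys()].filter(
    (f) => compareOpenSSLVersions(linked, FEATURE_MIN_VERSION.get(f)) >= 0);
}

// Constructed sample versions: the two releases this PR moves between, plus 1.1.1.
for (const v of ['1.0.2o', '1.1.0h', '1.1.1']) {
  console.log(v, '->', supportedFeatures(v).join(', ') || '(none)');
}
```
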

Contributor Author

shigeki left a comment

@vsemozhetbyt Thanks for reviewing my English. I fixed them in 9a62a0c.

Contributor

vsemozhetbyt left a comment

Docs LGTM)

shigeki force-pushed the upgrade_openssl110h branch from 9a62a0c to 53a63ef April 5, 2018 14:30

@jasnell
Member

jasnell commented Apr 5, 2018

Btw, if the plan is for this to go in to 10.0.0, it should land no later than April 10th. After that, I'll only pull in tsc approved semver-majors

jasnell added this to the 10.0.0 milestone Apr 5, 2018

@rvagg
Member

rvagg commented Apr 6, 2018

OK, no response to my 1.0.2 proposition so how about this: let's just land pure 1.1.0 support and ditch 1.0.2 support. It's something that could be added in afterward, during 10.x Current if enough people yelp.

I'll go ahead and pull 1.0.2 out of CI for 10+ and I'll update nodejs/TSC#479 to change the plan and get that in front of the TSC.

@shigeki anything else we need to get this landed?

configure Outdated
o['variables']['node_use_openssl'] = b(not options.without_ssl)
o['variables']['node_shared_openssl'] = b(options.shared_openssl)
o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
variables = o['variables'];
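
Review bot: on the last line, `variables = o['variables'];` introduces the alias only after the three assignments above have already indexed `o['variables']` directly; bind the alias before them and use it for all of these assignments, or drop it, so the block reads one way.
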
Member

semicolon probably should go

Contributor Author

Fixed. Thanks.

@rvagg
Member

rvagg commented Apr 6, 2018

a near perfect CI run @ https://ci.nodejs.org/job/node-test-commit/17482/, one failure, a known Raspberry Pi problem unrelated to this 👍 great work @shigeki

@shigeki
Contributor Author

shigeki commented Apr 6, 2018

I will wait for anyone's reviews until the next Monday night in JST.

codebytere added a commit that referenced this pull request Apr 19, 2019
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max to TLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)
BethGriggs added a commit that referenced this pull request Apr 22, 2019
Notable changes:

* assert:
  * improve performance to instantiate errors (Ruben Bridgewater)
    [#26738](#26738)
  * validate required arguments (Ruben Bridgewater)
    [#26641](#26641)
  * adjust loose assertions (Ruben Bridgewater)
    [#25008](#25008)
* async_hooks:
  * remove deprecated emitBefore and emitAfter (Matteo Collina)
    [#26530](#26530)
  * remove promise object from resource (Andreas Madsen)
    [#23443](#23443)
* bootstrap
  * make Buffer and process non-enumerable (Ruben Bridgewater)
    [#24874](#24874)
* buffer:
  * use stricter range checks (Ruben Bridgewater)
    [#27045](#27045)
  * harden SlowBuffer creation (ZYSzys)
    [#26272](#26272)
  * harden validation of buffer allocation size (ZYSzys)
    [#26162](#26162)
  * do proper error propagation in addon methods (Anna Henningsen)
    [#23939](#23939)
* child_process:
  * change the defaults maxBuffer size (kohta ito)
    [#27179](#27179)
  * harden fork arguments validation (ZYSzys)
    [#27039](#27039)
  * use non-infinite maxBuffer defaults (kohta ito)
    [#23027](#23027)
* console:
  * don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* crypto:
  * remove legacy native handles (Tobias Nießen)
    [#27011](#27011)
  * decode missing passphrase errors (Tobias Nießen)
    [#25208](#25208)
  * move DEP0113 to End-of-Life (Tobias Nießen)
    [#26249](#26249)
  * remove deprecated crypto.\_toBuf (Tobias Nießen)
    [#25338](#25338)
  * set `DEFAULT\_ENCODING` property to non-enumerable
    (Antoine du Hamel)
    [#23222](#23222)
* deps:
  * silence irrelevant V8 warning (Michaël Zasso)
    [#26685](#26685)
  * update postmortem metadata generation script (cjihrig)
    [#26685](#26685)
  * V8: un-cherry-pick bd019bd (Refael Ackermann)
    [#26685](#26685)
  * V8: cherry-pick 6 commits (Michaël Zasso)
    [#26685](#26685)
  * V8: cherry-pick d82c9af (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick e5f01ba (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick d5f08e4 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 6b09d21 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick f0bb5d2 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 5b0510d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 91f0cd0 (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 392316d (Anna Henningsen)
    [#26685](#26685)
  * V8: cherry-pick 2f79d68 (Anna Henningsen)
    [#26685](#26685)
  * sync V8 gypfiles with 7.4 (Ujjwal Sharma)
    [#26685](#26685)
  * update V8 to 7.4.288.13 (Ujjwal Sharma)
    [#26685](#26685)
  * bump minimum icu version to 63 (Ujjwal Sharma)
    [#25852](#25852)
  * silence irrelevant V8 warnings (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 7803fa6 (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick 58cefed (Jon Kunkee)
    [#25852](#25852)
  * V8: cherry-pick d3308d0 (Michaël Zasso)
    [#25852](#25852)
  * V8: cherry-pick 74571c8 (Michaël Zasso)
    [#25852](#25852)
  * cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen)
    [#25852](#25852)
  * sync V8 gypfiles with 7.3 (Ujjwal Sharma)
    [#25852](#25852)
  * sync V8 gypfiles with 7.2 (Michaël Zasso)
    [#25852](#25852)
  * update V8 to 7.3.492.25 (Michaël Zasso)
    [#25852](#25852)
  * add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu)
    [#19794](#19794)
  * sync V8 gypfiles with 7.1 (Refael Ackermann)
    [#23423](#23423)
  * update V8 to 7.1.302.28 (Michaël Zasso)
    [#23423](#23423)
* doc:
  * update behaviour of fs.writeFile
    (Sakthipriyan Vairamani (thefourtheye))
    [#25080](#25080)
  * add internal functionality details of util.inherits
    (Ruben Bridgewater)
    [#24755](#24755)
* errors:
  * update error name (Ruben Bridgewater)
    [#26738](#26738)
* fs:
  * use proper .destroy() implementation for SyncWriteStream
    (Matteo Collina)
    [#26690](#26690)
  * improve mode validation (Ruben Bridgewater)
    [#26575](#26575)
  * harden validation of start option in createWriteStream (ZYSzys)
    [#25579](#25579)
  * make writeFile consistent with readFile wrt fd
    (Sakthipriyan Vairamani (thefourtheye))
    [#23709](#23709)
* http:
  * validate timeout in ClientRequest() (cjihrig)
    [#26214](#26214)
  * return HTTP 431 on HPE\_HEADER\_OVERFLOW error (Albert Still)
    [#25605](#25605)
  * switch default parser to llhttp (Anna Henningsen)
    [#24870](#24870)
  * change DEP0066 to a runtime deprecation (Morgan Roderick)
    [#24167](#24167)
  * else case is not reachable (szabolcsit)
    [#24176](#24176)
* lib:
  * move DEP0021 to end of life (cjihrig)
    [#27127](#27127)
  * remove Atomics.wake (Gus Caplan)
    [#27033](#27033)
  * validate Error.captureStackTrace() calls (Ruben Bridgewater)
    [#26738](#26738)
  * refactor Error.captureStackTrace() usage (Ruben Bridgewater)
    [#26738](#26738)
  * move DTRACE\_\* probes out of global scope (James M Snell)
    [#26541](#26541)
  * deprecate \_stream\_wrap (Sam Roberts)
    [#26245](#26245)
  * don't use `util.inspect()` internals (Ruben Bridgewater)
    [#24971](#24971)
  * improve error message for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
    [#25690](#25690)
  * requireStack property for MODULE\_NOT\_FOUND (Ali Ijaz Sheikh)
    [#25690](#25690)
  * move DEP0029 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0028 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0027 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0026 to end of life (cjihrig)
    [#25377](#25377)
  * move DEP0023 to end of life (cjihrig)
    [#25280](#25280)
  * move DEP0006 to end of life (cjihrig)
    [#25279](#25279)
  * remove unintended access to deps/ (Anna Henningsen)
    [#25138](#25138)
  * move DEP0120 to end of life (cjihrig)
    [#24862](#24862)
  * use ES6 class inheritance style (Ruben Bridgewater)
    [#24755](#24755)
  * remove `inherits()` usage (Ruben Bridgewater)
    [#24755](#24755)
* module:
  * remove dead code (Ruben Bridgewater)
    [#26983](#26983)
  * mark DEP0019 as End-of-Life (Ruben Bridgewater)
    [#26973](#26973)
  * throw an error for invalid package.json main entries
    (Ruben Bridgewater)
    [#26823](#26823)
  * don't search in require.resolve.paths (cjihrig)
    [#23683](#23683)
* n-api:
  * remove code from error name (Ruben Bridgewater)
    [#26738](#26738)
* net:
  * do not manipulate potential user code (Ruben Bridgewater)
    [#26751](#26751)
  * emit "write after end" errors in the next tick (Ouyang Yadong)
    [#24457](#24457)
  * deprecate \_setSimultaneousAccepts() undocumented function
    (James M Snell)
    [#23760](#23760)
* net,http2:
  * merge setTimeout code (ZYSzys)
    [#25084](#25084)
* os:
  * implement os.type() using uv\_os\_uname() (cjihrig)
    [#25659](#25659)
* process:
  * global.process, global.Buffer getters (Guy Bedford)
    [#26882](#26882)
  * move DEP0062 (node --debug) to end-of-life (Joyee Cheung)
    [#25828](#25828)
  * exit on --debug and --debug-brk after option parsing (Joyee Cheung)
    [#25828](#25828)
  * improve `--redirect-warnings` handling (Ruben Bridgewater)
    [#24965](#24965)
* readline:
  * support TERM=dumb (Vladislav Kaminsky)
    [#26261](#26261)
* repl:
  * add welcome message (gengjiawen)
    [#25947](#25947)
  * fix terminal default setting (Ruben Bridgewater)
    [#26518](#26518)
  * check colors with .getColorDepth() (Vladislav Kaminsky)
    [#26261](#26261)
  * deprecate REPLServer.rli (Ruben Bridgewater)
    [#26260](#26260)
* src:
  * remove unused INT\_MAX constant (Sam Roberts)
    [#27078](#27078)
  * update NODE\_MODULE\_VERSION to 72 (Ujjwal Sharma)
    [#26685](#26685)
  * remove `AddPromiseHook()` (Anna Henningsen)
    [#26574](#26574)
  * update NODE\_MODULE\_VERSION to 71 (Michaël Zasso)
    [#25852](#25852)
  * clean up MultiIsolatePlatform interface (Anna Henningsen)
    [#26384](#26384)
  * properly configure default heap limits (Ali Ijaz Sheikh)
    [#25576](#25576)
  * remove icuDataDir from node config (GauthamBanasandra)
    [#24780](#24780)
  * explicitly allow JS in ReadHostObject (Yang Guo)
    [#23423](#23423)
  * update postmortem constant (cjihrig)
    [#23423](#23423)
  * update NODE\_MODULE\_VERSION to 68 (Michaël Zasso)
    [#23423](#23423)
* tls:
  * support TLSv1.3 (Sam Roberts)
    [#26209](#26209)
  * return correct version from getCipher() (Sam Roberts)
    [#26625](#26625)
  * check arg types of renegotiate() (Sam Roberts)
    [#25876](#25876)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts)
    [#24729](#24729)
  * emit a warning when servername is an IP address (Rodger Combs)
    [#23329](#23329)
  * disable TLS v1.0 and v1.1 by default (Ben Noordhuis)
    [#23814](#23814)
  * remove unused arg to createSecureContext() (Sam Roberts)
    [#24241](#24241)
  * deprecate Server.prototype.setOptions() (cjihrig)
    [#23820](#23820)
  * load NODE\_EXTRA\_CA\_CERTS at startup (Ouyang Yadong)
    [#23354](#23354)
* util:
  * change inspect compact and breakLength default (Ruben Bridgewater)
    [#27109](#27109)
  * improve inspect edge cases (Ruben Bridgewater)
    [#27109](#27109)
  * only the first line of the error message (Simon Zünd)
    [#26685](#26685)
  * don't set the prototype of callbackified functions
    (Ruben Bridgewater)
    [#26893](#26893)
  * rename callbackified function (Ruben Bridgewater)
    [#26893](#26893)
  * increase function length when using `callbackify()`
    (Ruben Bridgewater)
    [#26893](#26893)
  * prevent tampering with internals in `inspect()` (Ruben Bridgewater)
    [#26577](#26577)
  * fix proxy inspection (Ruben Bridgewater)
    [#26241](#26241)
  * prevent leaking internal properties (Ruben Bridgewater)
    [#24971](#24971)
  * protect against monkeypatched Object prototype for inspect()
    (Rich Trott)
    [#25953](#25953)
  * treat format arguments equally (Roman Reiss)
    [#23162](#23162)
* win, fs:
  * detect if symlink target is a directory (Bartosz Sosnowski)
    [#23724](#23724)
* zlib:
  * throw TypeError if callback is missing (Anna Henningsen)
    [#24929](#24929)
  * make “bare” constants un-enumerable (Anna Henningsen)
    [#24824](#24824)

PR-URL: #26930
codebytere added a commit that referenced this pull request Apr 30, 2019
Notable changes:

* deps: add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) [#19794](#19794)
* src: add .code and SSL specific error properties (Sam Roberts) [#25093](#25093)
* tls:
  * add --tls-min-v1.2 CLI switch (Sam Roberts) [#26951](#26951)
  * supported shared openssl 1.1.0 (Sam Roberts) [#26951](#26951)
  * revert default max to TLSv1.2 (Sam Roberts) [#26951](#26951)
  * revert change to invalid protocol error type (Sam Roberts) [#26951](#26951)
  * support TLSv1.3 (Sam Roberts) [#26209](#26209)
  * add code for ERR\_TLS\_INVALID\_PROTOCOL\_METHOD (Sam Roberts) [#24729](#24729)

PR-URL: #27314
BaochengSu added a commit to BaochengSu/node that referenced this pull request Oct 22, 2020
Ported from
OpenSUSE:nodejs8-8.17.0-lp152.147.1:openssl_1_1_1.patch

Original commit message:

Backport OpenSSL 1.1.1 support, mostly by disabling TLS 1.3
Upstream commits:

commit 8dd8033
Author: Shigeki Ohtsu <[email protected]>
Date:   Wed Sep 12 17:34:24 2018 +0900

    tls: workaround handshakedone in renegotiation

    `SSL_CB_HANDSHAKE_START` and `SSL_CB_HANDSHAKE_DONE` are called
    sending HelloRequest in OpenSSL-1.1.1.
    We need to check whether this is in a renegotiation state or not.

    Backport-PR-URL: nodejs#26270
    PR-URL: nodejs#25381
    Reviewed-By: Daniel Bevenius <[email protected]>
    Reviewed-By: Shigeki Ohtsu <[email protected]>

commit 161dca7
Author: Sam Roberts <[email protected]>
Date:   Wed Nov 28 14:11:18 2018 -0800

    tls: re-define max supported version as 1.2

    Several secureProtocol strings allow any supported TLS version as the
    maximum, but our maximum supported protocol version is TLSv1.2 even if
    someone configures a build against an OpenSSL that supports TLSv1.3.

    Fixes: nodejs#24658

    PR-URL: nodejs#25024
    Reviewed-By: Richard Lau <[email protected]>
    Reviewed-By: Ben Noordhuis <[email protected]>
    Reviewed-By: Daniel Bevenius <[email protected]>
    Reviewed-By: Colin Ihrig <[email protected]>

Partial port, remain compatible with 1.0.2:

commit 970ce14
Author: Shigeki Ohtsu <[email protected]>
Date:   Wed Mar 14 14:26:55 2018 +0900

    crypto: remove deprecated methods of TLS version

    All version-specific methods were deprecated in OpenSSL 1.1.0 and
    min/max versions explicitly need to be set.
    This still keeps compatible with JS and OpenSSL-1.0.2 APIs for now.

    crypto, constants: add constant of OpenSSL-1.1.0

    Several constants for OpenSSL-1.1.0 engine were removed and renamed in
    OpenSSL-1.1.0. This added one renamed constant in order to have a
    compatible feature with that of OpenSSL-1.0.2.
    Other missed or new constants in OpenSSL-1.1.0 are not yet added.

    crypto,tls,constants: remove OpenSSL1.0.2 support

    This is semver-major change so that we need not to have
    compatibilities with older versions.

    Fixes: nodejs#4270
    PR-URL: nodejs#19794
    Reviewed-By: James M Snell <[email protected]>
    Reviewed-By: Rod Vagg <[email protected]>
    Reviewed-By: Michael Dawson <[email protected]>

Signed-off-by: Su Baocheng <[email protected]>
BaochengSu added a commit to BaochengSu/node that referenced this pull request Jul 14, 2022
tniessen added a commit to tniessen/node that referenced this pull request Aug 20, 2022
This function was introduced in 2684c90
as an internal helper function. The C++ implementation became a no-op in
a57e2f2 when building against OpenSSL
1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all
supported OpenSSL versions in 970ce14.
Finally, eb20447 removed the only call
site of setFreeListLength (which was already a no-op at that point).

Refs: nodejs#1529
Refs: nodejs#10859
Refs: nodejs#19794
Refs: nodejs#38116
nodejs-github-bot pushed a commit that referenced this pull request Aug 22, 2022
This function was introduced in 2684c90
as an internal helper function. The C++ implementation became a no-op in
a57e2f2 when building against OpenSSL
1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all
supported OpenSSL versions in 970ce14.
Finally, eb20447 removed the only call
site of setFreeListLength (which was already a no-op at that point).

Refs: #1529
Refs: #10859
Refs: #19794
Refs: #38116
PR-URL: #44300
Reviewed-By: Feng Yu <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
RafaelGSS pushed a commit that referenced this pull request Sep 5, 2022
tniessen added a commit to tniessen/node that referenced this pull request Sep 10, 2022
These constants have not existed since OpenSSL 1.1.0 reached EOL a few
years ago.

Refs: nodejs#19794
nodejs-github-bot pushed a commit that referenced this pull request Sep 12, 2022
These constants have not existed since OpenSSL 1.1.0 reached EOL a few
years ago.

Refs: #19794
PR-URL: #44589
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Fyko pushed a commit to Fyko/node that referenced this pull request Sep 15, 2022
This function was introduced in 2684c90
as an internal helper function. The C++ implementation became a no-op in
a57e2f2 when building against OpenSSL
1.1.0 (instead of OpenSSL 1.0.2), and eventually became a no-op in all
supported OpenSSL versions in 970ce14.
Finally, eb20447 removed the only call
site of setFreeListLength (which was already a no-op at that point).

Refs: nodejs#1529
Refs: nodejs#10859
Refs: nodejs#19794
Refs: nodejs#38116
PR-URL: nodejs#44300
Reviewed-By: Feng Yu <[email protected]>
Reviewed-By: Mohammed Keyvanzadeh <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Fyko pushed a commit to Fyko/node that referenced this pull request Sep 15, 2022
These constants have not existed since OpenSSL 1.1.0 reached EOL a few
years ago.

Refs: nodejs#19794
PR-URL: nodejs#44589
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
RafaelGSS pushed a commit that referenced this pull request Sep 26, 2022

Labels

* build: Issues and PRs related to build files or the CI.
* doc: Issues and PRs related to the documentations.
* openssl: Issues and PRs related to the OpenSSL dependency.
* semver-major: PRs that contain breaking changes and should be released in the next major version.

7 participants