src: fix dynamically linked OpenSSL version #53456

richardlau · 2024-06-14T18:57:41Z

Some fixes for dynamically linked OpenSSL (i.e. configure --shared-openssl):

src: fix dynamically linked OpenSSL version
Report the version of OpenSSL that Node.js is running with instead
of the version of OpenSSL that Node.js was compiled against.
test: check against run-time OpenSSL version
Update common.hasOpenSSL3* to check against the run-time version of
OpenSSL instead of the version of OpenSSL that Node.js was compiled
against.
Add a generalized common.hasOpenSSL() so we do not need to keep adding
new checks for each new major/minor of OpenSSL.

There's a secondary issue, where all of process.versions is currently captured in the snapshot and thus reflects the snapshot-time values rather than run-time ones. That is being addressed separately by #53444.

cc @nodejs/crypto

Report the version of OpenSSL that Node.js is running with instead of the version of OpenSSL that Node.js was compiled against.

Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL.

richardlau · 2024-06-14T18:59:30Z

test/parallel/test-crypto-dh.js

-    const v = crypto.constants.OPENSSL_VERSION_NUMBER;
-    const hasOpenSSL3WithNewErrorMessage = (v >= 0x300000c0 && v <= 0x30100000) || (v >= 0x30100040 && v <= 0x30200000);
+    const hasOpenSSL3WithNewErrorMessage = (common.hasOpenSSL(3, 0, 12) && !common.hasOpenSSL(3, 1, 0)) ||
+                                           (common.hasOpenSSL(3, 1, 4) && !common.hasOpenSSL(3, 2, 0));


I've translated the existing checks, but there's actually an issue here which is that OpenSSL 3.2 and 3.3 have the new error message but fail the hasOpenSSL3WithNewErrorMessage check. I'm thinking this could be explicitly fixed in a follow up PR, but let me know if you prefer me to include it here since I'm changing the check anyway.

test/parallel/test-crypto-dh.js

nodejs-github-bot · 2024-06-15T16:39:44Z

CI: https://ci.nodejs.org/job/node-test-pull-request/59797/

nodejs-github-bot · 2024-06-15T18:51:39Z

CI: https://ci.nodejs.org/job/node-test-pull-request/59799/

Report the version of OpenSSL that Node.js is running with instead of the version of OpenSSL that Node.js was compiled against. PR-URL: #53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

nodejs-github-bot · 2024-06-18T14:48:27Z

Landed in 26f2cbd...3e7129e

Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: #53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Report the version of OpenSSL that Node.js is running with instead of the version of OpenSSL that Node.js was compiled against. PR-URL: #53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: #53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Report the version of OpenSSL that Node.js is running with instead of the version of OpenSSL that Node.js was compiled against. PR-URL: nodejs#53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: nodejs#53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Report the version of OpenSSL that Node.js is running with instead of the version of OpenSSL that Node.js was compiled against. PR-URL: nodejs#53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

Update `common.hasOpenSSL3*` to check against the run-time version of OpenSSL instead of the version of OpenSSL that Node.js was compiled against. Add a generalized `common.hasOpenSSL()` so we do not need to keep adding new checks for each new major/minor of OpenSSL. PR-URL: nodejs#53456 Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tobias Nießen <[email protected]>

richardlau added 2 commits June 14, 2024 16:51

src: fix dynamically linked OpenSSL version

f132c85

Report the version of OpenSSL that Node.js is running with instead of the version of OpenSSL that Node.js was compiled against.

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Jun 14, 2024

richardlau commented Jun 14, 2024

View reviewed changes

lpinca reviewed Jun 14, 2024

View reviewed changes

test/parallel/test-crypto-dh.js Outdated Show resolved Hide resolved

fixup! test: check against run-time OpenSSL version

067a462

richardlau added the commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. label Jun 14, 2024

lpinca approved these changes Jun 14, 2024

View reviewed changes

richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label Jun 14, 2024

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jun 14, 2024

This comment was marked as outdated.

Sign in to view

richardlau marked this pull request as draft June 15, 2024 13:49

fixup! test: check against run-time OpenSSL version

3f69079

richardlau marked this pull request as ready for review June 15, 2024 18:01

lpinca approved these changes Jun 15, 2024

View reviewed changes

richardlau added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jun 15, 2024

tniessen approved these changes Jun 18, 2024

View reviewed changes

richardlau added the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 18, 2024

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Jun 18, 2024

nodejs-github-bot closed this Jun 18, 2024

richardlau mentioned this pull request Jun 18, 2024

test: fix OpenSSL version checks #53503

Open

richardlau deleted the opensslver branch June 18, 2024 22:48

targos mentioned this pull request Jun 25, 2024

v22.4.0 release proposal #53583

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src: fix dynamically linked OpenSSL version #53456

src: fix dynamically linked OpenSSL version #53456

richardlau commented Jun 14, 2024

richardlau Jun 14, 2024

This comment was marked as outdated.

This comment was marked as outdated.

This comment was marked as outdated.

nodejs-github-bot commented Jun 15, 2024

nodejs-github-bot commented Jun 15, 2024

nodejs-github-bot commented Jun 18, 2024

src: fix dynamically linked OpenSSL version #53456

src: fix dynamically linked OpenSSL version #53456

Conversation

richardlau commented Jun 14, 2024

richardlau Jun 14, 2024

Choose a reason for hiding this comment

This comment was marked as outdated.

This comment was marked as outdated.

This comment was marked as outdated.

nodejs-github-bot commented Jun 15, 2024

nodejs-github-bot commented Jun 15, 2024

nodejs-github-bot commented Jun 18, 2024