Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump webpush from 0.3 to 1.1.0 #18457

Closed
wants to merge 2 commits into from
Closed

Bump webpush from 0.3 to 1.1.0 #18457

wants to merge 2 commits into from

Conversation

ClearlyClaire
Copy link
Contributor

WebPush changed content encoding from aesgcm to aes128gcm, so the code needs a few changes. (See zaru/webpush#75)

The encryption algorithm remain the same, and as far as I know, the content encoding for aesgcm is being deprecated in favor of aes128gcm. I've also seen reports that push notifications using aesgcm do not work on Microsoft Edge, but I haven't tried that out myself. I suppose this may break compatibility with older web push servers, so this may need some additional testing.

@ClearlyClaire
Bump webpush from 0.3 to 1.1.0
39b708d 
WebPush changed content encoding from aesgcm to aes128gcm, so the code needs a
few changes.
@ClearlyClaire
Add tests
7f4a3fc
@Gargron Gargron added the breaking Incompatible with previous versions label May 19, 2022
@Gargron
Copy link
Member

Gargron commented May 19, 2022

toot-relay, PushToFCM, toot-relay-fcm, and webpush-fcm-relay are all hardcoded to the aesgcm algorithm. This would break compatibility with the official apps, Toot! on iOS, Subway Tooter, and Fedi for Pleroma and Mastodon.

@ClearlyClaire
Copy link
Contributor Author

toot-relay, PushToFCM, toot-relay-fcm, and webpush-fcm-relay are all hardcoded to the aesgcm algorithm. This would break compatibility with the official apps, Toot! on iOS, Subway Tooter, and Fedi for Pleroma and Mastodon.

😩

aes128gcm is the standard, so it would be good if we used it, instead of the old aesgcm.

In the meantime, I guess I can try making a webpush fork with OpenSSL 3 support based on the aesgcm version…

@ClearlyClaire ClearlyClaire mentioned this pull request May 19, 2022
Merged
@stale
Copy link

stale bot commented Sep 21, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the status/wontfix This will not be worked on label Sep 21, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Dec 9, 2022

This pull request has merge conflicts that must be resolved before it can be merged.

@ThisIsMissEm
Copy link
Contributor

ThisIsMissEm commented Aug 15, 2023
edited
Loading

toot-relay, PushToFCM, toot-relay-fcm, and webpush-fcm-relay are all hardcoded to the aesgcm algorithm. This would break compatibility with the official apps, Toot! on iOS, Subway Tooter, and Fedi for Pleroma and Mastodon.

@Gargron are these still hardcoded? I just noticed that PushPad have forked the Webpush gem and have upgraded it to include the OpenSSL 3.0 changes, and more: https://github.com/pushpad/web-push

(I've opened a PR for migrating to web-push: #26496

ThisIsMissEm added a commit to ThisIsMissEm/mastodon that referenced this pull request Aug 15, 2023
@ThisIsMissEm
Chore: Migrate from webpush gem to web-push gem
429cef0 
This removes the need for pulling the gem from a commit in a fork of the GitHub repository, in favour of using a gem that is maintained and published on rubygems. This may have similar issues to mastodon#18457 with regards to compatibility, however it does include the same OpenSSL 3 fix from Claire's fork
@ThisIsMissEm ThisIsMissEm mentioned this pull request Aug 15, 2023
Closed
@renchap renchap added the dependencies Pull requests that update a dependency file label Aug 15, 2023
@p1gp1g
Copy link
Contributor

p1gp1g commented Dec 13, 2023

If it is possible, a backward compatible solution would be to use /api/v1/push/ to use the legacy protocol, and /api/v2/push for webpush (RFC)

@mjankowski
Copy link
Contributor

Has there been any more thought to an upgrade path on this? Seems worth nudging things towards standards where possible ... could leave some legacy support in place basically forever, or until sufficient client support/upgrades happened.

@p1gp1g
Copy link
Contributor

p1gp1g commented Nov 22, 2024

I plan to do it in some weeks and open a PR :)

@mjankowski mjankowski added the ruby Pull requests that update Ruby code label Nov 30, 2024
@mjankowski
Copy link
Contributor

I plan to do it in some weeks and open a PR :)

Excellent, will look for it.

@p1gp1g p1gp1g mentioned this pull request Jan 9, 2025
Merged
@p1gp1g
Copy link
Contributor

p1gp1g commented Jan 9, 2025

Here it is: #33528

@ClearlyClaire
Copy link
Contributor Author

Closing in favor of #33528

@ClearlyClaire ClearlyClaire mentioned this pull request Jan 13, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
breaking Incompatible with previous versions dependencies Pull requests that update a dependency file rebase needed 🚧 ruby Pull requests that update Ruby code status/wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ClearlyClaire @Gargron @ThisIsMissEm @p1gp1g @mjankowski @renchap