-
-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support openssl 3 (Fixes: #100) #101
Conversation
The openssl API introduced some breaking changes which are fixed by this commit. For more information about those changes check this out: https://github.com/ruby/openssl/blob/master/History.md#version-300 Co-authored-by: Sergio Durigan Junior <[email protected]>
Cc @sergiodj |
@nov will you have time to take a look at this PR any time soon? The CI jobs are failing but it seems unrelated to the changes, it is a failure when cloning a submodule. I'd recommend to also test it with Ubuntu 22.04 to make sure it is working fine with OpenSSL 3. |
Can't we wait for openssl gem to add better interface so that we don't need such low level code here? |
@nov do you have any information if openssl gem maintainers are planning to do what you are expecting? I just checked their git repo and I do not see many changes in that direction. AFAIU the maintainers just tried to follow the API changes applied by the openssl lib maintainers. In net-ssh gem, we proposed a similar patch set and it was merged by them. Please let me know if you have some information that I am not aware of. I do not want to leave json-jwt gem broken in Ubuntu 22.04 for too long, so it would be great if we could reach a consensus. TIA! |
I'm waiting openssl gem introduce new interface for key params setters as described here. |
@nov the openssl PR you linked was already merged, so I think the maintainers are not planning to provide a different interface (I also did not find any WIP PR regarding a change in the key's API). The changes I am proposing here are compliant with that. I do not think that changes here are too low level, the thing is that now we need to use the ASN1 data structure to set the values before creating a key because it is immutable now. |
@nov could you please revisit the comments here? |
What I expect is something like |
Is there any news on this? We migrated to Ubuntu 22.04 which caused our OIDC implementation to fail due to this incompatibility. |
Hum, no progress on openssl gem side. |
never mind. I do rebase and merge on my side at #102 |
BTW, if you know the way to let travis test against openssl3, pull requests for that is very helpful not to break openssl 3 compatibility unexpectedly in future. |
@nov Travis seems to use an ancient Ubuntu version. I opened a pull request which adds test against Ruby 3.1 on Ubuntu 22.04 (which uses OpenSSL3) using GitHub Actions. |
thanks! |
The openssl API introduced some breaking changes which are fixed by this
commit. For more information about those changes check this out:
https://github.com/ruby/openssl/blob/master/History.md#version-300
Co-authored-by: Sergio Durigan Junior [email protected]
With the proposed changes all tests are passing with OpenSSL 3. You can easily test it in a system running Ubuntu 22.04 which has OpenSSL 3 as the default.