[v16.x] src: add --openssl-legacy-provider option by danbev · Pull Request #42972 · nodejs/node

danbev · 2022-05-05T09:02:44Z

This commit adds an option to Node.js named --openssl-legacy-provider
and if specified will load OpenSSL 3.0 Legacy provider when dynamically
linking Node.js v16.x with OpenSSL 3.0.

Building:
$ ./configure --shared-openssl \
 --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \
 --shared-openssl-includes=/path/openssl_quic-3.0/include \
 --shared-openssl-libname=crypto,ssl
$ make -j8

Verify option is available:

$ ./node --help
...
--openssl-legacy-provider  enable OpenSSL 3.0 legacy provider

Usage:

$ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64
$ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/
$ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf
$ ./node --openssl-legacy-provider  -p 'crypto.createHash("md4")'
Hash {
  _options: undefined,
  [Symbol(kHandle)]: Hash {},
  [Symbol(kState)]: { [Symbol(kFinalized)]: false }
}

Fixes: #40948

Refs: #40455
PR-URL: #40478
Reviewed-By: Richard Lau rlau@redhat.com
Reviewed-By: Tobias Nießen tniessen@tnie.de

nodejs-github-bot · 2022-05-05T09:02:48Z

Review requested:

@nodejs/crypto

nodejs-github-bot · 2022-05-05T12:37:55Z

CI: https://ci.nodejs.org/job/node-test-pull-request/43893/

mhdawson

LGTM

danbev · 2022-05-15T17:47:52Z

Would someone be able to merge this (I'm not authorized to do so)?

juanarbol · 2022-05-29T01:19:20Z

Would someone be able to merge this (I'm not authorized to do so)?

I will :)

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider. $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Example usage: $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Co-authored-by: Richard Lau <rlau@redhat.com> Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Refs: #40455 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: #40948 Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Michael Dawson <midawson@redhat.com>

BethGriggs · 2022-06-01T12:42:48Z

Temporarily backed this out for ease as the imminent release is due to be a patch, not a minor. I will land this PR again after #43272 ships

Artur- · 2022-06-20T05:51:41Z

Could this be landed now as #43272 was shipped?

danielleadams · 2022-06-23T01:18:06Z

@danbev can you update the commit message so that it does not include [16.x backport]? The commit message has to follow the format rules to pass the linter. (Contributing guides)

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: nodejs#40948 Refs: nodejs#40455 PR-URL: nodejs#40478 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

danbev · 2022-06-23T04:17:16Z

@danielleadams I've been following the instructions in backporting-to-release-lines which was the reason for addding the [16.x backport] to the commit message.

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: #40948 Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

targos · 2022-07-18T10:08:12Z

Landed in e903cd1

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: #40948 Refs: #40455 PR-URL: #40478 Backport-PR-URL: #42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

This commit adds an option to Node.js named --openssl-legacy-provider and if specified will load OpenSSL 3.0 Legacy provider when dynamically linking Node.js v16.x with OpenSSL 3.0. Building: $ ./configure --shared-openssl \ --shared-openssl-libpath=/path/openssl_quic-3.0/lib64 \ --shared-openssl-includes=/path/openssl_quic-3.0/include \ --shared-openssl-libname=crypto,ssl $ make -j8 Verify options is available: $ ./node --help ... --openssl-legacy-provider enable OpenSSL 3.0 legacy provider Usage: $ export LD_LIBRARY_PATH=/path/openssl_quic-3.0/lib64 $ export OPENSSL_MODULES=/path/openssl_quic-3.0/lib64/ossl-modules/ $ export OPENSSL_CONF=/path/openssl_quic-3.0/ssl/openssl.cnf $ ./node --openssl-legacy-provider -p 'crypto.createHash("md4")' Hash { _options: undefined, [Symbol(kHandle)]: Hash {}, [Symbol(kState)]: { [Symbol(kFinalized)]: false } } Fixes: nodejs/node#40948 Refs: nodejs/node#40455 PR-URL: nodejs/node#40478 Backport-PR-URL: nodejs/node#42972 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. v16.x labels May 5, 2022

richardlau added the semver-minor PRs that contain new features and should be released in the next minor version. label May 5, 2022

richardlau approved these changes May 5, 2022

View reviewed changes

richardlau added the request-ci Add this label to start a Jenkins CI on a PR. label May 5, 2022

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 5, 2022

tniessen approved these changes May 5, 2022

View reviewed changes

mhdawson approved these changes May 5, 2022

View reviewed changes

This comment was marked as outdated.

Sign in to view

juanarbol closed this Jun 1, 2022

BethGriggs reopened this Jun 1, 2022

Artur- mentioned this pull request Jun 1, 2022

Does not work on Node 16 which is dynamically linked to openssl 3 vaadin/flow#13889

Closed

waby38b mentioned this pull request Jun 5, 2022

Build on Fedora 36 (aka without "--openssl-legacy-provider" ) AdguardTeam/AdGuardHome#4595

Open

danbev force-pushed the backport-40478-to-v16.x branch from 055492f to 219e4f9 Compare June 23, 2022 03:38

danbev changed the title ~~[v16.x backport] src: add --openssl-legacy-provider option~~ src: add --openssl-legacy-provider option Jun 23, 2022

danielleadams force-pushed the v16.x-staging branch from bd952ea to 01e7d1f Compare July 7, 2022 15:03

mscdex mentioned this pull request Jul 7, 2022

OpenSSL library API incompatability errors using --openssl-legacy-provider flag. #43723

Closed

whitingjr mentioned this pull request Jul 11, 2022

Quinoa build process fails due to openssl v3 library unsupported by react-scripts. Hyperfoil/Horreum#226

Closed

targos changed the title ~~src: add --openssl-legacy-provider option~~ [v16.x] src: add --openssl-legacy-provider option Jul 18, 2022

targos closed this Jul 18, 2022

targos mentioned this pull request Jul 18, 2022

Support OpenSSL 3.0 Legacy provider in version 16 #40948

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[v16.x] src: add --openssl-legacy-provider option#42972

[v16.x] src: add --openssl-legacy-provider option#42972
danbev wants to merge 1 commit intonodejs:v16.x-stagingfrom
danbev:backport-40478-to-v16.x

danbev commented May 5, 2022

Uh oh!

nodejs-github-bot commented May 5, 2022

Uh oh!

nodejs-github-bot commented May 5, 2022

Uh oh!

mhdawson left a comment

Uh oh!

danbev commented May 15, 2022

Uh oh!

juanarbol commented May 29, 2022

Uh oh!

This comment was marked as outdated.

BethGriggs commented Jun 1, 2022

Uh oh!

Artur- commented Jun 20, 2022

Uh oh!

danielleadams commented Jun 23, 2022

Uh oh!

danbev commented Jun 23, 2022

Uh oh!

targos commented Jul 18, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

Uh oh!

Conversation

danbev commented May 5, 2022

Uh oh!

nodejs-github-bot commented May 5, 2022

Uh oh!

nodejs-github-bot commented May 5, 2022

Uh oh!

mhdawson left a comment

Choose a reason for hiding this comment

Uh oh!

danbev commented May 15, 2022

Uh oh!

juanarbol commented May 29, 2022

Uh oh!

This comment was marked as outdated.

BethGriggs commented Jun 1, 2022

Uh oh!

Artur- commented Jun 20, 2022

Uh oh!

danielleadams commented Jun 23, 2022

Uh oh!

danbev commented Jun 23, 2022

Uh oh!

targos commented Jul 18, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants