Openssl3 #864
Quite a few tests rely on outdated algorithms that have been relegated to the legacy provider in OpenSSL 3.0. `rake test` now loads a custom OpenSSL configuration file to enable said legacy provider, which is usually disabled by default.
The OpenSSL 3.0 changes don't allow for us to modify the private key details directly, and there are no dedicated constructors as of Ruby 3.0, so we need to actually create a PEM certificate in-memory and load that instead. Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
The OpenSSL 3.0 changes don't allow for us to modify the private key details directly, and there are no dedicated constructors as of Ruby 3.0, so we need to actually create a PEM certificate in-memory and load that instead. To add insult to injury, contrary to other types of keys such as RSA, we need to actually build the full PEM data and not just pack the numbers in a simple sequence, making the code even a bit more complicated. Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
The OpenSSL 3.0 changes don't allow for us to modify the private key details directly, and there are no dedicated constructors as of Ruby 3.0, so we need to actually create a PEM certificate in-memory and load that instead. Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
Migrate all instances of the pattern EC.new(foo).generate_key to EC.generate(foo), as the old pattern isn't supported when using OpenSSL 3.0, since one is not allowed to mess with the internal data of already created objects now. The new API has been introduced in Ruby 2.4. Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
This makes the code compatible with OpenSSL 3.0. However, an issue with this is that it is not possible anymore to ensure a specific size for the private key, as indicated in the inline comment. v2: avoid PKey.generate_key on older releases (< 2.7) Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
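The pattern the commit messages above describe, as an added example that is not code from this PR: instead of mutating a key object (which fails with "pkeys are immutable on OpenSSL 3.0"), encode the key material and let the constructor parse it. Assumptions: the helper names are hypothetical, DER is used where the commits mention PEM, and EC stands in for the key type that needs the full structure.

```ruby
require "openssl"

# Old pattern, rejected on OpenSSL 3.0 ("pkeys are immutable on OpenSSL 3.0"):
#   key = OpenSSL::PKey::RSA.new
#   key.set_key(n, e, nil)

# RSA: packing the numbers in a simple sequence (PKCS#1 RSAPublicKey) is enough.
def rsa_public_key_from(n, e) # hypothetical helper name
  der = OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Integer(n),
    OpenSSL::ASN1::Integer(e)
  ]).to_der
  OpenSSL::PKey::RSA.new(der)
end

# EC (assumed here): the full SubjectPublicKeyInfo is required, i.e. the
# algorithm identifier, the named curve and the encoded public point.
def ec_public_key_from(curve, point_octets) # hypothetical helper name
  der = OpenSSL::ASN1::Sequence([
    OpenSSL::ASN1::Sequence([
      OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
      OpenSSL::ASN1::ObjectId(curve)
    ]),
    OpenSSL::ASN1::BitString(point_octets)
  ]).to_der
  OpenSSL::PKey::EC.new(der)
end

# True when a signature from the original private key verifies under the
# rebuilt public key, which shows both objects hold the same key material.
def same_key?(private_key, rebuilt_public)
  digest = OpenSSL::Digest.new("SHA256")
  data = "constructed sample message"
  rebuilt_public.verify(digest, private_key.sign(digest, data), data)
end

def demo
  rsa = OpenSSL::PKey::RSA.new(2048)             # constructed sample key
  ec  = OpenSSL::PKey::EC.generate("prime256v1") # replaces EC.new(curve).generate_key
  rsa_pub = rsa_public_key_from(rsa.n, rsa.e)
  ec_pub  = ec_public_key_from("prime256v1", ec.public_key.to_octet_string(:uncompressed))
  { rsa: same_key?(rsa, rsa_pub), ec: same_key?(ec, ec_pub),
    rsa_private: rsa_pub.private?, ec_private: ec_pub.private? }
end

p demo if $PROGRAM_NAME == __FILE__
```

The same code runs on OpenSSL 1.1 and 3.0, since it only uses constructors and never touches an existing key's internals.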
This PR closes #843
👍
@mfazekas are you available to release a new version of the gem in the next few days?
@fwininger will try to cut a new release
Thank you. I upgraded my Oxidized box to Ubuntu 22.04 and it is broken now. I reinstalled everything, downgraded psych, and now I am left with an SSH issue. My understanding is that it is an OpenSSL 3 / Net-SSH issue. Following for the update.
Same for me, still waiting for the new release in order to continue working on 22.04
I've released 7.0.0 beta1, please test and report back.
Works for me now, thank you very much!
I loaded up the new gem but I still get "pkeys are immutable on OpenSSL 3.0". What other changes did you make other than installing the gem?
I changed to:
Will have to do some reading. Thanks for the tip.
I'm using Rails, so that's a Gemfile inside my project.
After
Hi! Is there a timeframe for when v7.0.0 might be released as not a beta? We're getting end-user reports of issues using Many thanks :-)
@mfazekas can you release 7.0.0, please?
Done
duplicate from #857 for test purpose