Openssl3 #864

Merged
merged 9 commits into from Apr 29, 2022

fwininger
Collaborator

duplicate from #857 for test purpose

schopin-pro and others added 9 commits April 29, 2022 14:32
Quite a few tests rely on outdated algorithms that have been relegated
to the legacy provider in OpenSSL 3.0. `rake test` now loads a custom
OpenSSL configuration file to enable said legacy provider, which is
usually disabled by default.

The OpenSSL 3.0 changes don't allow for us to modify the private key
details directly, and there are no dedicated constructors as of Ruby
3.0, so we need to actually create a PEM certificate in-memory and load
that instead.

Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>

The OpenSSL 3.0 changes don't allow for us to modify the private key
details directly, and there are no dedicated constructors as of Ruby
3.0, so we need to actually create a PEM certificate in-memory and load
that instead.

To add insult to injury, contrary to other types of keys such as RSA, we
need to actually build the full PEM data and not just pack the numbers
in a simple sequence, making the code even a bit more complicated.

Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>

The OpenSSL 3.0 changes don't allow for us to modify the private key
details directly, and there are no dedicated constructors as of Ruby
3.0, so we need to actually create a PEM certificate in-memory and load
that instead.

Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>

Migrate all instances of the pattern EC.new(foo).generate_key to
EC.generate(foo), as the old pattern isn't supported when using OpenSSL
3.0, since one is not allowed to mess with the internal data of already
created objects now.

The new API has been introduced in Ruby 2.4.

Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>

This makes the code compatible with OpenSSL 3.0. However, an issue with
this is that it is not possible anymore to ensure a specific size for
the private key, as indicated in the inline comment.

v2: avoid PKey.generate_key on older releases (< 2.7)

Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
@fwininger
Collaborator Author

This PR closes #843

Collaborator

@mfazekas mfazekas left a comment

👍

@fwininger
Collaborator Author

@mfazekas are you available to release a new version of the gem in the next days?

@mfazekas
Collaborator

@fwininger will try to cut a new release

@dbh2

dbh2 commented Apr 29, 2022

> @fwininger will try to cut a new release

Thank you. I upgraded my Oxidized box to Ubuntu 22.04 and it is broken now. I reinstalled everything, downgraded psych, and now I am left at an SSH issue. My understanding is that it is an OpenSSL 3 / Net-SSH issue. Following for the update.

@proigor

proigor commented Apr 30, 2022

> > @fwininger will try to cut a new release
>
> Thank you. I upgraded my Oxidized box to Ubuntu 22.04 and it is broken now. I reinstalled everything,

Same for me, still waiting for the new release in order to continue working on 22.04

@mfazekas
Collaborator

mfazekas commented Apr 30, 2022

I've released 7.0.0 beta1, please test and report back.
https://rubygems.org/gems/net-ssh/versions/7.0.0.beta1

@proigor

proigor commented Apr 30, 2022

Works for me now, thank you very much!

@dbh2

dbh2 commented May 2, 2022

> Works for me now, thank you very much!

I loaded up the new gem but I still get "pkeys are immutable on OpenSSL 3.0". What other changes did you make other than installing the gem?

@proigor

proigor commented May 2, 2022

> > Works for me now, thank you very much!
>
> I loaded up the new gem but I still get "pkeys are immutable on OpenSSL 3.0". What other changes did you make other than installing the gem?

I changed to:
gem 'net-ssh', '~> 7.0.0.beta1', require: 'net/ssh'
in my Gemfile. And run 'bundle update'.

@dbh2

dbh2 commented May 2, 2022

> > > Works for me now, thank you very much!
> >
> > I loaded up the new gem but I still get "pkeys are immutable on OpenSSL 3.0". What other changes did you make other than installing the gem?
>
> I changed to: gem 'net-ssh', '~> 7.0.0.beta1', require: 'net/ssh' in my Gemfile. And run 'bundle update'.

Will have to do some reading. Thanks for the tip.

@proigor

proigor commented May 2, 2022

> Will have to do some reading. First and only ruby project I've ever put my hands on. The Gemfile in my /var/lib/gems for oxidized-0.28.0 is basically blank. Thanks for the tip.

I'm using Rails, so that's a Gemfile inside my project.

@meidlinga

After gem install net-ssh -v 7.0.0.beta1 I can use vagrant provision on Ubuntu 22.04 again. Thank you.

@edmorley

Hi! Is there a timeframe for when v7.0.0 might be released as not a beta?

We're getting end-user reports of issues using net-ssh on Ubuntu 22.04 - and a beta release is much less discoverable for them to think to try before opening a support ticket.

Many thanks :-)

@fwininger
Collaborator Author

@mfazekas can you release 7.0.0, please?

@mfazekas
Collaborator

> @mfazekas can you release 7.0.0, please?

Done
