[WFCORE-5786] / [WFCORE-5787] WildFly OpenSSL Component Upgrades

[fjuma]

https://issues.redhat.com/browse/WFCORE-5786
https://issues.redhat.com/browse/WFCORE-5787

    Release Notes - WildFly OpenSSL - Version 2.2.0.Final

Task

• [WFSSL-81] - Ensure the project is buildable on JDK 17
• [WFSSL-84] - Add JDK 17 build to Github Actions
• [WFSSL-88] - Upgrade WildFly OpenSSL Natives to 2.2.0.Final
• [WFSSL-89] - Release WildFly OpenSSL 2.2.0.Final
• [WFSSL-90] - Add repositories section to pom.xml

New Feature

• [WFSSL-80] - Add support for openssl 3.0.0

    Release Notes - WildFly OpenSSL Natives - Version 2.2.0.Final

Feature Request

• [SSLNTV-13] - Add support for openssl 3.0.0

Release

• [SSLNTV-15] - Release WildFly OpenSSL Natives 2.2.0.Final

Enhancement

• [SSLNTV-12] - update license name to match SPDX license list and also Wildfly
• [SSLNTV-14] - Add support for Apple Silicon

    Release Notes - WildFly OpenSSL Natives - Version 2.2.0.SP01

Release

• [SSLNTV-16] - Release WildFly OpenSSL Natives 2.2.0.SP01

[fjuma]

@luck3y Thanks again for your help with the other CI job! Would it be possible to update the agents for WildFly Core too so that they run with OpenSSL 3 as well?

The following test uses OpenSSL so could be used as a sanity check to see which version of OpenSSL gets used when running:
https://github.com/wildfly/wildfly-core/blob/main/testsuite/elytron/src/test/java/org/wildfly/test/integration/elytron/ssl/OpenSslTlsTestCase.java

[luck3y]

Hi @fjuma -- I can take a look at installing an updated OpenSSL on the other agents, however for those it will have to be available somewhere as an RPM, as compiling it locally on all of the agents otherwise will be impossible to maintain. I assume Windows has a native that uses OpenSSL as well?

[fjuma]

Thanks @luck3y! It is possible to run these tests on Windows too. However, was just looking at an existing Windows run and it looks like OpenSslTestCase actually gets skipped there right now:

https://ci.wildfly.org/buildConfiguration/WildFlyCore_PullRequest_WindowsJdk11/292297?buildTab=tests&name=OpenSsl&suite=&package=org.wildfly.test.integration.elytron

It might be because installing OpenSSL on Windows is a bit trickier so I think OpenSSL 1.1.1 was only installed on the Linux agents initially. Upgrading those Linux ones to OpenSSL 3 would be great if possible.

[luck3y]

@fjuma I've had a look and most major distros aren't shipping OpenSSL v3 yet. On Windows I could install 1.1.1 easily enough with ansible, so if that would help in the short term, let me know.

Longer term, we're about to move CI over to a new infrastructure, mostly running on CentOS Stream 8. Even here though, OpenSSL v3 isn't available widely as a package yet, and RHEL doesn't use it by default until RHEL 9, which I think is in early beta now. So I think this might take a bit more time than just installing it, I've opened https://issues.redhat.com/browse/WFCI-56 to track this.

[fjuma]

@luck3y Makes sense, thanks for creating the WFCI issue!

Regarding Windows, if installing OpenSSL 1.1.1 is something that doesn't take a lot of effort, then that would be good to do (but there's no rush at all for this since we've only had Linux runs for these tests for a while).

[jmesnil]

@fjuma do you plan to backport it for WildFly 26.1?

[fjuma]

@jmesnil Yes, thanks for the reminder! I've created #4946 to backport this for WildFly 26.1.