Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test(integv2): add partial support for OpenSSL 3.0 provider #5131

Merged
merged 30 commits into from
Mar 12, 2025
Merged

test(integv2): add partial support for OpenSSL 3.0 provider #5131

merged 30 commits into from
Mar 12, 2025
+47 −16

Conversation

johubertj
Copy link
Contributor

@johubertj johubertj commented Feb 20, 2025
edited
Loading

Resolved issues:

Description of changes:

  • Added support for OpenSSL 3.0 as a provider.
  • Removed the constraint requiring OpenSSL 1.1.1.
  • Dropped support for TLS 1.0 and TLS 1.1 in OpenSSL 3.0.
  • Ensured OpenSSL 3.0 does not support 1024-bit certificates.

Problem

This PR removes the constraint that forces the OpenSSL provider executable to be from version 1.1.1, allowing support for modern OSs that use OpenSSL 3.0. The "version supported" method has been updated to accommodate OpenSSL 3.0, which only supports TLS 1.3 and TLS 1.2 by default. Additionally, Certificates.RSA_1024 tests are now skipped for OpenSSL 3.0.

  1. This is a partial support because we want to have all test cases pass locally w/ openssl3 (a few currently fail)
  2. Then we want all test cases to pass in CI w/ openssl3

Future Investigation

After adding openSSL 3.0 as a provider, the below test cases are failing and need more investigation

test_serialization.py
test_renegotiate_apache.py

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Feb 20, 2025
@johubertj johubertj requested a review from jmayclin February 20, 2025 00:45
@johubertj johubertj marked this pull request as ready for review February 20, 2025 00:45
@johubertj johubertj requested a review from maddeleine February 20, 2025 00:47
@johubertj johubertj mentioned this pull request Feb 25, 2025
Open
9 tasks
jmayclin
jmayclin reviewed Feb 25, 2025
View reviewed changes
@jmayclin
Copy link
Contributor

Also, I think there are some tests that aren't passing under openssl 3.0 with this PR? Let's call that out in the PR description. And I'd also vote to edit the CR title to test(integv2): add partial support for OpenSSL 3.0 provider to be clear that this isn't complete yet.

@johubertj johubertj changed the title Allow OpenSSL 3.0 as an OpenSSL provider test(integv2): add partial support for OpenSSL 3.0 provider Feb 26, 2025
@johubertj johubertj requested a review from jmayclin February 27, 2025 21:37
jmayclin
jmayclin reviewed Feb 27, 2025
View reviewed changes
johubertj and others added 3 commits February 27, 2025 16:07
@johubertj @jmayclin
Update tests/integrationv2/providers.py
96f3b54 
Co-authored-by: James Mayclin <maycj@amazon.com>
@johubertj @jmayclin
Update tests/integrationv2/providers.py
31404eb 
Co-authored-by: James Mayclin <maycj@amazon.com>
@johubertj
fixed nesting if statements and removed cert is none check
45eff50
@johubertj johubertj requested a review from jmayclin February 28, 2025 20:30
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 28, 2025
View reviewed changes
@johubertj johubertj requested review from dougch and removed request for maddeleine March 3, 2025 19:48
jmayclin
jmayclin approved these changes Mar 10, 2025
View reviewed changes
Copy link
Contributor

@jmayclin jmayclin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with the requested changes.

johubertj and others added 3 commits March 10, 2025 15:54
@johubertj @jmayclin
Update tests/integrationv2/providers.py
335548f 
Co-authored-by: James Mayclin <maycj@amazon.com>
@johubertj @jmayclin
Update tests/integrationv2/conftest.py
afc17ac 
Co-authored-by: James Mayclin <maycj@amazon.com>
@johubertj @jmayclin
Update tests/integrationv2/providers.py
29ead50 
Co-authored-by: James Mayclin <maycj@amazon.com>
dougch
dougch approved these changes Mar 10, 2025
View reviewed changes
Copy link
Contributor

@dougch dougch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once the nits are addressed.

@johubertj johubertj enabled auto-merge March 11, 2025 21:27
@johubertj johubertj added this pull request to the merge queue Mar 12, 2025
Merged via the queue into aws:main with commit 865c95d Mar 12, 2025
46 checks passed
@johubertj johubertj deleted the feature-add-openSSL3 branch March 12, 2025 01:34
dougch pushed a commit to dougch/s2n-tls that referenced this pull request Mar 12, 2025
@johubertj @jmayclin @dougch
test(integv2): add partial support for OpenSSL 3.0 provider (aws#5131)
8da62d4 
Co-authored-by: James Mayclin <maycj@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmayclin jmayclin

@dougch dougch

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@johubertj @jmayclin @dougch