Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test(integv2): add partial support for OpenSSL 3.0 provider #5131

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

test(integv2): add partial support for OpenSSL 3.0 provider #5131

wants to merge 15 commits into from
+48 −16

Conversation

johubertj
Copy link
Contributor

@johubertj johubertj commented Feb 20, 2025
edited
Loading

Resolved issues:

Description of changes:

  • Added support for OpenSSL 3.0 as a provider.
  • Removed the constraint requiring OpenSSL 1.1.1.
  • Dropped support for TLS 1.0 and TLS 1.1 in OpenSSL 3.0.
  • Ensured OpenSSL 3.0 does not support 1024-bit certificates.

Problem

This PR removes the constraint that forces the OpenSSL provider executable to be from version 1.1.1, allowing support for modern OSs that use OpenSSL 3.0. The "version supported" method has been updated to accommodate OpenSSL 3.0, which only supports TLS 1.3 and TLS 1.2 by default. Additionally, Certificates.RSA_1024 tests are now skipped for OpenSSL 3.0.

Future Investigation

After adding openSSL 3.0 as a provider, the below test cases are failing and need more investigation

test_serialization.py
test_renegotiate_apache.py

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Feb 20, 2025
@johubertj johubertj requested a review from jmayclin February 20, 2025 00:45
@johubertj johubertj marked this pull request as ready for review February 20, 2025 00:45
@johubertj johubertj requested a review from maddeleine February 20, 2025 00:47
@johubertj johubertj mentioned this pull request Feb 25, 2025
Open
12 tasks
jmayclin
jmayclin reviewed Feb 25, 2025
View reviewed changes
@jmayclin
Copy link
Contributor

Also, I think there are some tests that aren't passing under openssl 3.0 with this PR? Let's call that out in the PR description. And I'd also vote to edit the CR title to test(integv2): add partial support for OpenSSL 3.0 provider to be clear that this isn't complete yet.

@johubertj johubertj changed the title Allow OpenSSL 3.0 as an OpenSSL provider test(integv2): add partial support for OpenSSL 3.0 provider Feb 26, 2025
@johubertj johubertj requested a review from jmayclin February 27, 2025 21:37
jmayclin
jmayclin reviewed Feb 27, 2025
View reviewed changes
@johubertj johubertj requested a review from jmayclin February 28, 2025 20:30
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 28, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maddeleine maddeleine Awaiting requested review from maddeleine

@jmayclin jmayclin Awaiting requested review from jmayclin

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
s2n-core team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@johubertj @jmayclin