Thalhammer / jwt-cpp

A header only library for creating and validating json web tokens in c++
https://thalhammer.github.io/jwt-cpp/
MIT License

Fix tests for OpenSSL 3.0.0 #153

Closed kleinmrk closed 3 years ago

kleinmrk commented 3 years ago

OpenSSL 3.0.0 changes the signature of int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); to int PEM_write_bio_PUBKEY(BIO *bp, const EVP_PKEY *x); and int PEM_write_bio_X509(BIO *bp, X509 *x); to int PEM_write_bio_X509(BIO *bp, const X509 *x);.

The following tests failed since simulation of OpenSSL errors did not take place:

prince-chrismc commented 3 years ago

Is this related to #150? Could you comment on how bad the usage of deprecated methods is?

kleinmrk commented 3 years ago

I see this as a first step towards OpenSSL 3.0.0 support. I just wanted to give it a shot with the release candidate and figured that the tests are failing. Now that the tests are passing, one can start getting rid of the deprecated API calls by using the higher-level API.

Regarding how bad deprecated methods are: From https://www.openssl.org/docs/manmaster/man7/migration_guide.html:

Use of the low level APIs has been informally discouraged by the OpenSSL development team for a long time. However in OpenSSL 3.0 this is made more formal. All such low level APIs have been deprecated. You may still use them in your applications, but you may start to see deprecation warnings during compilation (dependent on compiler support for this). Deprecated APIs may be removed from future versions of OpenSSL so you are strongly encouraged to update your code to use the high level APIs instead.

I think that at the moment using this low level API does not pose a big threat, but it is just a matter of time till they start dropping deprecated functions.

Thalhammer commented 3 years ago

Looks good to me. Regarding the deprecation: While I agree that we should want to fix them (e.g. I compile with Werror, so a deprecation warning is effectively a broken build), I don't think there's a huge hurry. OpenSSL said they want to keep it as a drop in replacement for existing programs which means they can't really remove them until all major software is fixed. Given the widespread use of openssl, I am pretty sure it will take a loooong time until there's an actual threat of them being removed.

prince-chrismc commented 3 years ago

The following tests failed since simulation of OpenSSL errors did not take place:

We are missing unit tests in our GitHub Actions

kleinmrk commented 3 years ago

@prince-chrismc I added another commit that introduces an OpenSSL CI workflow similar to the LibreSSL CI. It builds, links and runs unit tests with different versions of OpenSSL.

prince-chrismc commented 3 years ago

Thank you so much! I had the intention of working on this; however, life had other plans.

❤️ Greatly appreciate the contribution

Emergency vet visit for dog 🤕 (the sock is so he couldn't lick the cut)

prince-chrismc commented 3 years ago

https://github.com/Thalhammer/jwt-cpp/pull/153/checks?check_run_id=3307203891#step:8:267

All the tests passed + it picked up the correct version. It looks like we are in business!