Update SSL libraries to latest versions

Thalhammer / jwt-cpp

A header only library for creating and validating json web tokens in c++

https://thalhammer.github.io/jwt-cpp/

MIT License

864 stars 235 forks source link

Update SSL libraries to latest versions #235

Closed prince-chrismc closed 2 years ago

prince-chrismc commented 2 years ago

New List

UPDATE: everything is green

Other changes

Fixed a bad URL
Fix badge action not reading job status 🤷

Thalhammer commented 2 years ago

Seems like one of the tests is failing cause the ECDSA_SIG isn't public anymore. However there seems to be ECDSA_SIG_get0_r and ECDSA_SIG_get0_s which does exactly the same thing. We need to make sure its available in everything we support thought so we don't introduce regressions for older libraries.

prince-chrismc commented 2 years ago

I had opened an issue asking to help and got a great response https://github.com/libressl-portable/portable/issues/764#issuecomment-1153548504

Thalhammer commented 2 years ago

Aaaand it broke even more tests 😅 We might wanna go with the ECDSA_SIG_get0_r code by default because it feels cleaner and only resort to direct accesses for old versions that dont have it (not sure when it was introduced exactly).

prince-chrismc commented 2 years ago

We might wanna go with the ECDSA_SIG_get0_r code

Sadly it only came out in the last version... https://github.com/openssl/openssl/commit/0396401d1c3fd65487116b0623e634b65bf28670 so it's does not look like too much of a gain

Thought looking into it we already are using this method with ECDSA_SIG_get0 L1168 in jwt.h so it seems like our past selves were just as smart 😆