Incompatibility with Ruby `3.2.0`

[alex-damian-negru]

The Problem

Ruby 3.2.0 requires OpenSSL 3.1.0 (which is included by default).

The library is capped at OpenSSL < 3.1.0, which makes it incompatible with Ruby 3.2.

spec.add_dependency "openssl", ">= 2.2", "< 3.1"

You have already activated openssl 3.1.0, but your Gemfile requires openssl 3.0.1. 

Since openssl is a default gem, you can either remove your dependency on it or try updating to a newer version of bundler that supports openssl as a default gem. 

(Gem::LoadError)

Proposed Solution

Make the gem compatible with openssl 3.1.

---

Unfortunately I do not have the time to implement the solution for this myself, but thought I'd at least raise the issue.

[bdewater]

Thanks for bringing this up. Since https://github.com/cedarcode/webauthn-ruby/actions/runs/3781555565/jobs/6428532740 ran succesfully (Ruby 3.2/OpenSSL 3.0.2) I wasn't expecting problems, and looking at the OpenSSL changelog nothing should break on 3.1.0 either. I'll get a patch up on a few moments.

[alex-damian-negru]

Any updates on the issue? If a dependency bump is all that's needed I can open a PR for this

[bdewater]

It's mostly just a bump, but there's a couple of dependencies that need changes as well. @brauliomartinezlm can you help with https://github.com/cedarcode/openssl-signature_algorithm/pull/8, https://github.com/cedarcode/tpm-key_attestation/pull/17 and https://github.com/cedarcode/tpm-key_attestation/pull/18 ? Once those landed and are green, https://github.com/cedarcode/webauthn-ruby/pull/386 should be safe to merge.

[brauliomartinezlm]

Sorry folks. I was OOO for the last couple of weeks. I'll get to this shortly.

[brauliomartinezlm]

@bdewater @alex-damian-negru this has been addressed in the just released v3.0.0. Feel free to open another issue if you find any problems. Thank you for raising this @alex-damian-negru