Open richardlau opened 3 weeks ago
FWIW I've added testing against OpenSSl 3.2 to my copy of node-test-commit-linux-containered: richardlau-node-test-commit-linux-containered
e.g. https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/nodes=ubuntu2204_sharedlibs_openssl32_x64/26/consoleFull which is showing the current test failures with main
when linked against OpenSSL 3.2.2.
In terms of updating what is included in Node.js, for now we want to stay on the LTS version of OpenSSL (3.0) for as long as possible. OpenSSL have not yet decided/announced what the next LTS version of OpenSSL will be. Making sure Node.js can build and execute tests successfully on later OpenSSL versions should hopefully ease the migration when it is eventually time.
For those that want to help move it forward, you can run this job to confirm if you have fixed one of the tests - https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/
A number of Node.js tests fail when Node.js is compiled dynamically linked against OpenSSL 3.2 (tested with OpenSSL 3.2.2). i.e.
Full tap results: https://gist.github.com/richardlau/ce642daf2ffd581755232a924f9f8f63
Failures:
out/Release/node /home/nodejs/node/test/parallel/test-crypto-dh.js
https://github.com/nodejs/node/pull/53503out/Release/node /home/nodejs/node/test/parallel/test-http2-https-fallback.js
Also fails with OpenSSL 3.0.14 https://github.com/nodejs/node/pull/53373out/Release/node /home/nodejs/node/test/parallel/test-http2-server-unknown-protocol.js
Also fails with OpenSSL 3.0.14 https://github.com/nodejs/node/pull/53373out/Release/node /home/nodejs/node/test/parallel/test-https-client-checkServerIdentity.js
out/Release/node /home/nodejs/node/test/parallel/test-https-strict.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-alert-handling.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-cert-regression.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-getephemeralkeyinfo.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-alpn-server-client.js
Also fails with OpenSSL 3.0.14 https://github.com/nodejs/node/pull/53373out/Release/node /home/nodejs/node/test/parallel/test-tls-client-mindhsize.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-renegotiation-13.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-auth.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-client-verify.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-empty-sni-context.js
https://github.com/nodejs/node/pull/53384out/Release/node --no-warnings /home/nodejs/node/test/parallel/test-tls-dhe.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-getcipher.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-junk-server.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-multiple-cas-as-string.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-peer-certificate-encoding.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-multi-key.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-psk-circuit.js
https://github.com/nodejs/node/pull/53384out/Release/node /home/nodejs/node/test/parallel/test-tls-sni-server-client.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-set-ciphers.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-sni-option.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-server-verify.js
out/Release/node /home/nodejs/node/test/parallel/test-tls-junk-closes-server.js
also reported in https://github.com/nodejs/node/issues/52482In our Jenkins CI we currently test in node-test-commit-linux-containered Node.js dynamically linked against OpenSSL 3.0 and 3.1. Addressing the above test failures would be required before we can add testing against OpenSSL 3.2 to the CI.