nov / json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
MIT License

Support openssl 3 (Fixes: #100) #101

Closed lucaskanashiro closed 2 years ago

lucaskanashiro commented 2 years ago

The openssl API introduced some breaking changes which are fixed by this commit. For more information about those changes check this out:

https://github.com/ruby/openssl/blob/master/History.md#version-300

Co-authored-by: Sergio Durigan Junior <sergiodj@ubuntu.com>

With the proposed changes all tests are passing with OpenSSL 3. You can easily test it in a system running Ubuntu 22.04 which has OpenSSL 3 as the default.

lucaskanashiro commented 2 years ago

Cc @sergiodj

lucaskanashiro commented 2 years ago

@nov will you have time to take a look at this PR any time soon? The CI jobs are failing, but that seems unrelated to the changes; it is a failure when cloning a submodule. I'd also recommend testing it with Ubuntu 22.04 to make sure it is working fine with OpenSSL 3.

nov commented 2 years ago

Can't we wait for the openssl gem to add a better interface so that we don't need such low-level code here?

lucaskanashiro commented 2 years ago

@nov do you have any information on whether the openssl gem maintainers are planning to do what you are expecting? I just checked their git repo and I do not see many changes in that direction. AFAIU the maintainers just tried to follow the API changes applied by the openssl lib maintainers.

In net-ssh gem, we proposed a similar patch set and it was merged by them. Please let me know if you have some information that I am not aware of. I do not want to leave json-jwt gem broken in Ubuntu 22.04 for too long, so it would be great if we could reach a consensus. TIA!

nov commented 2 years ago

I'm waiting for the openssl gem to introduce a new interface for key params setters, as described here: https://github.com/ruby/openssl/pull/480

lucaskanashiro commented 2 years ago

@nov the openssl PR you linked was already merged, so I think the maintainers are not planning to provide a different interface (I also did not find any WIP PR regarding a change in the key's API). The changes I am proposing here are compliant with that. I do not think that the changes here are too low level; the thing is that we now need to use the ASN1 data structure to set the values before creating a key, because it is immutable now.
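The ASN.1 approach described in the comment above, as an added example that is not the diff of this PR or json-jwt's own code: the JWK members are encoded as a PKCS#1 structure and parsed into a finished key, so no setter is called on an immutable key. The names `rsa_key_from_jwk`, `sample_jwk`, `b64url_decode` and `b64url_encode` are hypothetical, and the sample JWK is constructed from a key you pass in.

```ruby
require 'openssl'

# base64url (RFC 7515) helpers, written without the base64 gem.
def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.size % 4) % 4)).unpack1('m')
end

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

RSA_FIELDS = %w[n e d p q dp dq qi].freeze

# Hypothetical helper: encode the JWK members as PKCS#1 DER and let
# OpenSSL parse the finished structure, so no setter is ever called.
def rsa_key_from_jwk(jwk)
  raise ArgumentError, 'not an RSA JWK' unless jwk['kty'] == 'RSA'
  bn = RSA_FIELDS.to_h do |f|
    [f, jwk[f] && OpenSSL::BN.new(b64url_decode(jwk[f]), 2)]
  end
  raise ArgumentError, 'n and e are required' unless bn['n'] && bn['e']

  private_fields = RSA_FIELDS - %w[n e]
  ints =
    if private_fields.all? { |f| bn[f] }
      # RSAPrivateKey ::= SEQUENCE { version(0), n, e, d, p, q, dp, dq, qi }
      [0] + RSA_FIELDS.map { |f| bn[f] }
    elsif private_fields.none? { |f| bn[f] }
      # RSAPublicKey ::= SEQUENCE { n, e }
      [bn['n'], bn['e']]
    else
      # PKCS#1 needs all CRT values; refuse rather than guess.
      raise ArgumentError, 'incomplete private key parameters'
    end
  der = OpenSSL::ASN1::Sequence(ints.map { |i| OpenSSL::ASN1::Integer(i) }).to_der
  OpenSSL::PKey::RSA.new(der)
end

# Constructed sample input: export a key's parameters as JWK members.
def sample_jwk(key, private_key: false)
  names = { 'n' => 'n', 'e' => 'e', 'd' => 'd', 'p' => 'p', 'q' => 'q',
            'dp' => 'dmp1', 'dq' => 'dmq1', 'qi' => 'iqmp' }
  names = names.slice('n', 'e') unless private_key
  jwk = names.transform_values { |name| b64url_encode(key.params[name].to_s(2)) }
  jwk.merge('kty' => 'RSA')
end
```

A JWK that carries `d` without the CRT members is rejected here because it cannot be written as a PKCS#1 RSAPrivateKey without recomputing them.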

lucaskanashiro commented 2 years ago

@nov could you please revisit the comments here?

nov commented 2 years ago

What I expect is something like OpenSSL::PKey.new_private_key("RSA", n: 123, e: 456, d: 789) mentioned here. https://github.com/ruby/openssl/issues/369

bmesuere commented 2 years ago

Is there any news on this? We migrated to Ubuntu 22.04 which caused our OIDC implementation to fail due to this incompatibility.

nov commented 2 years ago

Hum, no progress on the openssl gem side. OK, please rebase this pull request, and once Travis succeeds, I'll release a new version with these changes. I don't want to maintain ASN1 code for so long though...

nov commented 2 years ago

Never mind. I do rebase and merge on my side at #102

nov commented 2 years ago

BTW, if you know a way to let Travis test against OpenSSL 3, pull requests for that are very helpful, so as not to break OpenSSL 3 compatibility unexpectedly in the future.

bmesuere commented 2 years ago

@nov Travis seems to use an ancient Ubuntu version. I opened a pull request which adds a test against Ruby 3.1 on Ubuntu 22.04 (which uses OpenSSL 3) using GitHub Actions.

nov commented 2 years ago

thanks!