Nim icon indicating copy to clipboard operation
Nim copied to clipboard

Published 20 hours ago verified publisher icon nim-lang

Add OpenSSL 3 support

Open FedericoCeratto opened this issue 2 years ago • 15 comments

Drop support for versions below 1.1.0 Move away from deprecated functions Fixes: #19604

FedericoCeratto avatar May 21 '22 15:05 FedericoCeratto

So are you also planning on removing LibreSSL support as it relies on OpenSSL 1.0 APIs? It's really nice that you're doing the work with bringing up OpenSSL 3, but I think dropping support for OpenSSL < 1.1.0 is not a good idea.

Yardanico avatar May 21 '22 15:05 Yardanico

@Yardanico supporting OpenSSL 3, 1.1, 1.0, 0.9 and LibreSSL, both with dynamic and static linking (and across multiple OSes) creates a combinatorial explosion of test scenarios, making it really difficult to ensure the libraries are used securely. IMHO we should try to reduce the complexity in the wrapper. Maybe even remove a good fraction of unused procs. See #19604 for more comments.

FedericoCeratto avatar May 22 '22 13:05 FedericoCeratto

No Luck ... the same error.

I think it's due to macOS SIP. It don't pass VARIABLES starts with DYLD_ to subprocess.

Screen Shot 2022-07-11 at 2 40 04 PM

DYLD_LIBRARY_PATH variables exists. But when I execute levelOne.sh that var is wiped out. So, u can't set DYLD_* variable outside and use inside script that's the main issue. Other than that, the pull request works fine!

https://stackoverflow.com/questions/35568122/why-isnt-dyld-library-path-being-propagated-here https://github.com/rbenv/rbenv/issues/962

I found those issues.

heinthanth avatar Jul 11 '22 06:07 heinthanth

Here are the proofs

Screen Shot 2022-07-11 at 3 05 07 PM

I've a script to run compiled nimble at bin dir. When I run that nimble, it works ( since var is passed to nimble process ) But when I run it via runNimble.sh, didn't work ( since var is wiped out ). PS: I compiled nimble with -d:nimDebugDlOpen to debug.

heinthanth avatar Jul 11 '22 08:07 heinthanth

Env vars get lost might get lost in different locations in nimInternalBuildKochAndRunCI. Even nim r foo.nim drops them. Besides, having to add special env vars for OSX would be an annoying requirement for end users. SSL should work out of the box.

FedericoCeratto avatar Jul 12 '22 17:07 FedericoCeratto

The library import on Mac OS X is now fixed.

FedericoCeratto avatar Jul 31 '22 16:07 FedericoCeratto

@ringabout @Araq the remaining issue seems to be a timeout due to slow CI. Do you think the PR can be reviewed and merged?

FedericoCeratto avatar Aug 02 '22 16:08 FedericoCeratto

the remaining issue seems to be a timeout due to slow CI.

I restarted the failed CI.

ringabout avatar Aug 02 '22 16:08 ringabout

One more attempt before I'll merge it anyway.

Araq avatar Aug 03 '22 10:08 Araq

Failed CI is due to timeout, I guess. Anyway, nice work @FedericoCeratto. Congrats!

heinthanth avatar Aug 03 '22 12:08 heinthanth

@Araq is there any plan to make a minor release to add support for OpenSSL 3? A number of users are being impacted by this.

FedericoCeratto avatar Aug 03 '22 17:08 FedericoCeratto

@Araq is there any plan to make a minor release to add support for OpenSSL 3?

Yes, we'll make a release for this.

Araq avatar Aug 04 '22 06:08 Araq

Small suggestion: since we don't seem to have full automated tests for this, can you describe how you've tested this PR locally manually? I'm sure it will help us for the future, even if it is you doing the testing again :)

dom96 avatar Aug 05 '22 23:08 dom96

@dom96 I've tested openssl 3 locally and in CI runs using ubuntu-22.04 on my fork https://github.com/FedericoCeratto/Nim/pull/4 The image contains only openssl 3. I didn't add a new set of CI runs here because it's already quite heavy. Maybe we could split some of the package CI runs across ubuntu-22.04 and ubuntu-20.04 as a compromise. If you are referring to CLI commands to run tests, there are examples in the openssl.nim file.

(hah, today some test certs expired: https://github.com/chromium/badssl.com/issues/510#issue-1332362847 :laughing: )

FedericoCeratto avatar Aug 09 '22 13:08 FedericoCeratto

(hah, today some test certs expired: https://github.com/chromium/badssl.com/issues/510#issue-1332362847 😆 )

Yeah, I had to workaround it here: https://github.com/nim-lang/Nim/pull/20181

ringabout avatar Aug 09 '22 13:08 ringabout

@Araq finally the CI is all green :)

FedericoCeratto avatar Aug 18 '22 20:08 FedericoCeratto

Thanks for your hard work on this PR! The lines below are statistics of the Nim compiler built from 2dcfd732609a2cfa805e5a94cc105399a2f18632

Hint: mm: orc; threads: on; opt: speed; options: -d:release 163641 lines; 12.692s; 841.465MiB peakmem

github-actions[bot] avatar Aug 23 '22 20:08 github-actions[bot]

These changes break CI on macos 11 for many of our projects that previously worked without having to install additional dependencies:

Nim Compiler Version 1.7.1 [MacOSX: amd64]
Compiled at 2022-08-26
Copyright (c) 2006-2022 by Andreas Rumpf

git hash: ea44c5cfed21951feb5978b74fbc6cdb24f54ac2
active boot switches: -d:release
could not load: libcrypto.1.1.dylib
(compile with -d:nimDebugDlOpen for more information)

https://github.com/status-im/nim-web3/runs/8027875139?check_suite_focus=true

arnetheduck avatar Aug 26 '22 08:08 arnetheduck

Hiiii

hkl615 avatar Nov 23 '22 12:11 hkl615

FedericoCeratto:openssl3

hkl615 avatar Nov 23 '22 12:11 hkl615