-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix test regression for OpenSSL compiled with FIPS #23871
Conversation
CI: https://ci.nodejs.org/job/node-test-pull-request/18142/ Collaborators, feel free to 👍 this comment to approve fast-tracking. |
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes.
Sorry, had to change commit message to follow guidelines |
LGTM but I thought there isn't a FIPS module compatible with OpenSSL 1.1.0/1.1.1 yet and (AFAIK) Node.js doesn't compile against OpenSSL 1.0.2 since the update to 1.1.0 (#22025). |
We still build/test FIPs on earlier versions so its good to have this in case PR mentioned is backported. We also will want to compile in FIPs in the future |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@AdamMajer thanks for this. I don't mind fast-tracking this, its small and correct, but since master doesn't build against FIPS, its not breaking anything ATM, is it? |
On 2018-10-25 7:39 p.m., Sam Roberts wrote:
@AdamMajer <https://github.com/AdamMajer> thanks for this.
I don't mind fast-tracking this, its small and correct, but since master doesn't build against FIPS,
its not breaking anything ATM, is it?
It's breaking my build that uses SUSE's OpenSSL library. fast-track is not important for me, as long
as the change makes it to Node's tree so I don't have to keep too many external patches around.
|
@@ -34,7 +34,7 @@ assert(/^\d+\.\d+\.\d+(?:\.\d+)?-node\.\d+(?: \(candidate\))?$/ | |||
assert(/^\d+$/.test(process.versions.modules)); | |||
|
|||
if (common.hasCrypto) { | |||
assert(/^\d+\.\d+\.\d+[a-z]?$/.test(process.versions.openssl)); | |||
assert(/^\d+\.\d+\.\d+[a-z]?(-fips)?$/.test(process.versions.openssl)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
assert(/^\d+\.\d+\.\d+[a-z]?(-fips)?$/.test(process.versions.openssl)); | |
assert(/^\d+\.\d+\.\d+[a-z]?(?:-fips)?$/.test(process.versions.openssl)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, could change that but I think it makes it more difficult to read and we are not really saving anything here. So I think for readability sake, I would keep this as-is.
Landed in 0a23538 |
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL format. Unfortunately, when OpenSSL is compiled in FIPS mode, this check fails. Added additional regex to satisfy OpenSSL version strings in both regular and FIPS modes. PR-URL: #23871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Sam Roberts <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>
In commit bff53c5, a check was added for very specific OpenSSL
format. Unfortunately, when OpenSSL is compiled in FIPS mode, this
check fails. Added additional regex to satisfy OpenSSL version
strings in both regular and FIPS modes.
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes