MINIFICPP-2728 upgrade openssl to 3.3.6#2115
Conversation
Signed-off-by: Marton Szasz <szaszm@apache.org>
szaszm
force-pushed
the
MINIFICPP-2728
branch
from
3aeaf0d to
d14aad8
Compare
szaszm
force-pushed
the
MINIFICPP-2728
branch
from
0e25ed7 to
93bf841
Compare
There was a problem hiding this comment.
Can we (or do we want to) upgrade the FIPS OpenSSL version, too? 3.1.2 seems to be FIPS-validated now.
There was a problem hiding this comment.
I didn't want to, but I can try doing that too
There was a problem hiding this comment.
I think we should if it only takes changing the version from 3.0.9 to 3.1.2. If non-trivial changes are needed, we can postpone it to the next release.
There was a problem hiding this comment.
Even if the change is trivial and builds successfully we should at least run the FIPS variant of the verify package jobs to see if all those tests also pass.
There was a problem hiding this comment.
https://github.com/szaszm/nifi-minifi-cpp/actions/runs/22370135157
here's a run. Most of the modular docker test jobs fail, but none of the FIPS mode ones. I think the timeouts are just too tight on those jobs with the new modular docker test library.
There was a problem hiding this comment.
Actually it just occurred to me that the modular tests do not have FIPS mode on the main branch yet, and the HTTPS tests are part of the modular docker tests already. The FIPS mode option for the modular tests was added in #2110 maybe it would be better to run a verify package test run on a separate branch with these commits rebased to that PR (with and without FIPS).
There was a problem hiding this comment.
I think I'll just revert the version change instead.
This reverts commit 9499649.
4 participants
Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
Does your PR title start with MINIFICPP-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
Has your PR been rebased against the latest commit within the target branch (typically main)?
Is your initial contribution a single, squashed commit?
For code changes:
For documentation related changes:
Note:
Please ensure that once the PR is submitted, you check GitHub Actions CI results for build issues and submit an update to your PR as soon as possible.