Do not warn about compatible OpenSSL upgrades

From https://github.com/torproject/tor/pull/951

When releasing OpenSSL patch-level maintenance updates, we do not want to rebuild binaries using it. And since they guarantee ABI stability, we do not have to.

Without this patch, warning messages were produced that confused users: https://bugzilla.opensuse.org/show_bug.cgi?id=1129411

changed milestone to %Tor: 0.3.5.x-final

added 035-backport 040-backport actualpoints::0.2 component::core tor/tor dgoulet-merge milestone::Tor: 0.3.5.x-final openssl points::0.2 priority::medium resolution::fixed reviewer::nickm severity::normal status::closed type::defect usability ux labels

I think we've had issues in the past where OpenSSL has promised version compatibility, but failed to deliver.

I've assigned review to nickm, because he knows about our issues with OpenSSL library and header versions.

Trac:
Status: new to needs_review

subscribing here

Trac:
Username: bmwiedemann

Thanks for the patch!

Teor is right -- I'm really glad that openssl is aiming for ABI compatibility now, but they are still have enough complexity going on that I'm not confident that they won't mess it up in the future.

With that in mind, I'd suggest a middle-ground message. Let's log at NOTICE instead of INFO or WARN, and let's say something like "We compiled with OpenSSL X and we're running with OpenSSL Y. These two versions should be binary compatible." That way if people do run into bugs some time they can report that message.

Minor bookkeeping: let's base this on maint-0.3.5 rather than master so that we can backport it to LTS. We'll also need a "changes" file as described in doc/HACKING/CodingStandards.md.

Trac:
Status: needs_review to needs_revision
Keywords: openssl deleted, openssl ux usability 035-backport? 040-backport? added

I revised the patch as proposed and targeted it at maint-0.3.5

also gave it a quick round of testing and got the notice.

Trac:
Username: bmwiedemann

Looks better -- one problem is that the lintChanges.py script says that your changes file is not in the requested format, so CI is failing. Could you make sure that make check and make check-local both pass?

I could use some help there. It wants a ref of an old change. git blame gave me commit 3e3ec7 referencing issue 17549 but commit 7607ad2 seems to be the original source and then how to find the release from that?

Trac:
Username: bmwiedemann

I think I got it right now.

Trac:
Username: bmwiedemann

Sorry for the delay -- I've been on vacation. I'll try to look at this again soon.

Trac:
Status: needs_revision to needs_review

LGTM now; thank you!

Trac:
Status: needs_review to merge_ready

Trac:
Keywords: openssl ux usability 035-backport? 040-backport? deleted, openssl ux usability 035-backport? 040-backport? dgoulet-merge added

Merged!

Trac:
Resolution: N/A to fixed
Status: merge_ready to closed

Trac:
Status: closed to reopened
Actualpoints: N/A to 0.2
Milestone: Tor: 0.4.1.x-final to Tor: 0.4.0.x-final
Keywords: openssl ux usability 035-backport? 040-backport? dgoulet-merge deleted, openssl ux usability 035-backport 040-backport dgoulet-merge added
Resolution: fixed to N/A

We missed a backport on this ticket, because we closed it after merging to master.

Trac:
Status: reopened to merge_ready

Backported to 0.3.5. Merged with the other 0.3.5 and 0.4.0 backports on 2019-08-12.

Trac:
Status: merge_ready to closed
Milestone: Tor: 0.4.0.x-final to Tor: 0.3.5.x-final
Resolution: N/A to fixed

closed

changed time estimate to 1h 36m

added 1h 36m of time spent

moved to tpo/core/tor#30190 (closed)