Opened 6 months ago

Last modified 5 months ago

#34139 new enhancement

Build Tor without warnings or test failures with OpenSSL 3.0.0

Reported by: nickm Owned by:
Priority: High Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 044-deferred
Cc: Actual Points:
Parent ID: Points: 2
Reviewer: Sponsor:

Description

According to the OpenSSL release strategy [release-strat] they're planning to release openssl 3.0.0 in early Q4 of this year.

Currently, many of the APIs that Tor uses are deprecated in OpenSSL 3.0.0-alpha [openssl-3]. It's still possible to build Tor with it, but you get a lot of deprecated-item warnings. We should fix those warnings before OpenSSL 3 is released.

Further, if we build without fatal warnings, there are some test failures. We should see if they are tor bugs or new openssl bugs, and fix them in the first case or report them in the second.

I don't think we necessarily need to backport this: OpenSSL 1.1 will be supported until 2023-09-11 [release-strat], whereas support for 0.3.5 is scheduled to end on 2020-02-02.

[release-strat] https://www.openssl.org/policies/releasestrat.html

[openssl-3] https://www.openssl.org/blog/blog/2020/04/23/OpenSSL3.0Alpha1/

Child Tickets

Attachments (2)

openssl-3-output.txt (42.2 KB) - added by nickm 6 months ago.
Warnings from openssl-3 build.
openssl-3-test-output.txt (63.4 KB) - added by nickm 6 months ago.
Output from running src/test/test

Download all attachments as: .zip

Change History (5)

Changed 6 months ago by nickm

Attachment: openssl-3-output.txt added

Warnings from openssl-3 build.

comment:1 Changed 6 months ago by nickm

I've attached the warnings from a build attempt.

To reproduce this yourself, you may need to use openssl-master instead of openssl-3.0.0-alpha1: I was unable to build openssl-3.0.0-alpha1 because of some missing includes. The version I used was 90fc2c26df23811be080093772b2161850385863 from OpenSSL's git repository.

Changed 6 months ago by nickm

Attachment: openssl-3-test-output.txt added

Output from running src/test/test

comment:2 Changed 6 months ago by nickm

I've also attached the output from ./src/test/test, which fails.

Additionally, it seems to run really slow on all the tests where we fork: perhaps some post-fork task that we do with openssl has gotten very expensive?

comment:3 Changed 5 months ago by nickm

Keywords: 044-deferred added
Milestone: Tor: 0.4.4.x-finalTor: unspecified

Bulk-remove tickets from 0.4.4. Add the 044-deferred label to them.

Note: See TracTickets for help on using tickets.