Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/6.0] Add dynamic shim for SSL_CTX_set_options and SSL_set_options #67145

Merged
merged 5 commits into from
Apr 13, 2022
Merged

[release/6.0] Add dynamic shim for SSL_CTX_set_options and SSL_set_options #67145

merged 5 commits into from
Apr 13, 2022

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Mar 25, 2022
edited by rzikm
Loading

Backport of #67030 to release/6.0

Closes #66310

/cc @rzikm

Customer Impact

An API-breaking change in OpenSSL between 1.1 and 3.0 versions leads to SslStream being unusable on 32-bit platforms with OpenSSL 3.0 or higher (e.g. upcoming Ubuntu 22.04). This transitively affects all facilities built on top of SslStream, like HTTPS, and by extension, it prevents basic functionality like dotnet restore from working, making .NET effectively unusable on affected platforms.

Testing

Validated the fix on locally built runtime from this PR and the repro app from the original issue.

Risk

Low - CI run passes on Linux platforms and was the change was manually tested on the configuration affected by the issue.

rzikm and others added 5 commits March 25, 2022 13:52
@rzikm
Add dynamic shim for SSL_CTX_set_options
529106e 
This works around ABI breaking change made between OpenSSL 1.1 and 3.0 where argument type and return type was changed from unsigned long to uint64_t, which caused issues on arm32 architectures with OpenSSL 3.0 installed.
@rzikm
Fix typo
c5e7caf
@rzikm @bartonjs
Update src/native/libs/System.Security.Cryptography.Native/pal_ssl.c
c825fcd 
Co-authored-by: Jeremy Barton <[email protected]>
@rzikm @wfurt
Update src/native/libs/System.Security.Cryptography.Native/pal_ssl.c
27d27b3 
Co-authored-by: Tomas Weinfurt <[email protected]>
@rzikm
Code review feedback
f50df4f
@ghost
Copy link

ghost commented Mar 25, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #67030 to release/6.0

/cc @rzikm

Customer Impact

Testing

Risk

IMPORTANT: If this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Security
Milestone: -

bartonjs
bartonjs approved these changes Mar 25, 2022
View reviewed changes
Copy link
Member

@bartonjs bartonjs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shim-owner hat: Code diff LGTM.
Infrastructure hat: There's no packaging impact for the shim (shared runtime).

@bartonjs
Copy link
Member

@rzikm Please fill out the servicing template in the top post.

@rzikm rzikm self-assigned this Mar 28, 2022
@rzikm
Copy link
Member

rzikm commented Mar 28, 2022

Windows CI leg failures unrelated (Helix queue windows.10.amd64.server19h1.es.open is set for estimated removal date of 2022-03-31. In most cases the queue will be removed permanently due to end-of-life;)

@rzikm rzikm mentioned this pull request Mar 28, 2022
Closed
15 tasks
@rzikm rzikm added the Servicing-consider Issue for next servicing release review label Mar 28, 2022
@karelz
Copy link
Member

karelz commented Mar 28, 2022

@danmoseley this is blocking Ubuntu 22.04 arm32 support -- which patch does it need to get in?

@leecow leecow added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Mar 29, 2022
@leecow leecow added this to the 6.0.5 milestone Mar 29, 2022
@carlossanlop carlossanlop merged commit e0a10a0 into release/6.0 Apr 13, 2022
@jkotas jkotas deleted the backport/pr-67030-to-release/6.0 branch April 16, 2022 00:38
@ghost ghost locked as resolved and limited conversation to collaborators May 16, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees

@rzikm rzikm

Labels
area-System.Security Servicing-approved Approved for servicing release
Projects
None yet
Milestone
6.0.5
Development

Successfully merging this pull request may close these issues.
5 participants
@bartonjs @rzikm @karelz @carlossanlop @leecow