Skip to content

ci: fix node24 ci, update crypto keys because of openSSL 3.5.1 upgrade in nodejs 24.5.0 #4400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

ci: fix node24 ci, update crypto keys because of openSSL 3.5.1 upgrade in nodejs 24.5.0 #4400

wants to merge 1 commit into from

Conversation

@Uzlopak
Copy link
Contributor

@Uzlopak Uzlopak commented Aug 9, 2025
edited
Loading

NodeJs v24.5.0 uses OpenSSL 3.5.1. The ssl certificate of https-pem is too weak and thus resulting in breaking our ci.

I took the certs from the cpython project. They were generated by @encukou .

You can find the key and cert in the cpython repo.
https://github.com/python/cpython/blob/main/Lib/test/certdata/ssl_cert.pem
https://github.com/python/cpython/blob/main/Lib/test/certdata/ssl_key.pem

I looked into nodejs core repo to find some other keys which could work, but I am not that deep into the ssl certs topic, and well, this keys work?! And I think to get the CI fixed is more important.

@richardlau
is there a key in node core, that we could use?

@Uzlopak Uzlopak force-pushed the fix-node24-ci branch 2 times, most recently from 0927526 to a1dacb1 Compare August 9, 2025 14:13
@Uzlopak Uzlopak changed the title ci: fix node24 ci ci: fix node24 ci, update crypto keys because of openSSL 3.5.1 upgrade in nodejs 24.5.0 Aug 9, 2025
@Uzlopak Uzlopak mentioned this pull request Aug 9, 2025
Merged
7 tasks
@himself65
Copy link
Member

himself65 commented Aug 9, 2025

Fixes: #4156

himself65
himself65 reviewed Aug 9, 2025
View reviewed changes
Copy link
Member

@himself65 himself65 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we probably uninstall https-pem?

@Uzlopak Uzlopak linked an issue Aug 9, 2025 that may be closed by this pull request
error:0A00018F:SSL routines::ee key too small in tests using modern openssl #4156
Closed
@mcollina
Copy link
Member

mcollina commented Aug 11, 2025

I prefer generating them, as including the certs will generate additional work here.

@Uzlopak
Copy link
Contributor Author

Uzlopak commented Aug 11, 2025

lets get the ci green again

@Uzlopak Uzlopak closed this Aug 11, 2025
@Uzlopak Uzlopak deleted the fix-node24-ci branch August 11, 2025 06:08
@richardlau
Copy link
Member

richardlau commented Aug 11, 2025

@richardlau is there a key in node core, that we could use?

Node.js has https://github.com/nodejs/node/tree/main/test/fixtures/keys which are generated by https://github.com/nodejs/node/blob/main/test/fixtures/keys/Makefile.
There were updates to some of the keys there for OpenSSL 3.2, nodejs/node#54599.

@richardlau richardlau mentioned this pull request Aug 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@himself65 himself65 himself65 approved these changes

@gurgunday gurgunday gurgunday approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

error:0A00018F:SSL routines::ee key too small in tests using modern openssl

6 participants

@Uzlopak @himself65 @mcollina @richardlau @gurgunday