fix(sqlx-cli): bump openssl minimum to 0.10.46#4172
fix(sqlx-cli): bump openssl minimum to 0.10.46#4172ricochet wants to merge 1 commit intolaunchbadge:mainfrom
Conversation
native-tls 0.2.12 calls `Pkcs12::parse2()` which was added in openssl 0.10.46, but declares its minimum as 0.10.29. The minimal-versions resolver picked openssl 0.10.38 (our previous lower bound), which lacks `parse2`.
|
We've been talking about switching this check to use I've also been thinking about just deleting the |
|
This failure is a bug in native-tls. The openssl bump in this PR is a workaround, and the real fix already landed in native-tls. So it's definitely not on sqlx for the breakage here. We could also bump to 2.18 of native-tls, but I opted for a conservative fix. Direct minimal versions would still validate that the declared lower bounds are correct without inheriting third-party bugs so it would make sense to do that if it's been a recurring issue. I'd probably do that as a separate PR. I think that'd only be the following: check-minimal-versions:
name: Check build using direct minimal versions
runs-on: ubuntu-24.04
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Setup Rust
run: |
rustup show active-toolchain || rustup toolchain install
rustup toolchain install nightly
- run: cargo +nightly generate-lockfile -Z direct-minimal-versions
- run: cargo build --all-features |
|
Could we just release the rustls only version? |
3 participants
native-tls 0.2.12 calls
Pkcs12::parse2()which was added in openssl 0.10.46, but declares its minimum as 0.10.29. The minimal-versions resolver picked openssl 0.10.38 (our previous lower bound), which lacksparse2.Does your PR solve an issue?
No this is to fix failing CI on main.
See unrelated PR's with the same build failures:
Is this a breaking change?
No