Set vendored-openssl feature to fix issue with OpenSSL version mismatch between Node 18 and some systems
#3724
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
|
Hi @Auspicus , thanks for opening the discussion, but I think we want to investigate all other options to fix prisma/prisma#10649 before we make a drastic move like this. The number 1 reason why we don't want to statically link to a TLS implementation is security: keeping the system OpenSSL version up to date should be part of running any application, on the other hand asking people to upgrade their Prisma version, and rebuild their application to get a security patch is a much higher hurdle. And as you noted, binary size suffers as well. Let's continue the discussion in the issue. FWIW we are actively working on fixing this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This probably isn't the "best" way to fix the issue but I built the library with and without this and was able to confirm it fixes the issue. It will increase build size of the library (~20%) but it prevents the issue with system OpenSSL and Node OpenSSL using different versions. It implies that the libraries will need to be built for each version of OpenSSL used by Node, not the system.
eg:
libquery_engine-darwin-arm64-node18.dylib.nodelibquery_engine-darwin-arm64-node16.dylib.nodeFixes: prisma/prisma#10649
See also: https://github.com/prisma/prisma-engines/pull/3243/files which removed this but was never cut into a release.