diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 0f4065253f6..15bfa14f2c3 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml 
@@ -28,244 +28,29 @@ jobs: fail-fast: false matrix: include: - # ------------------------------------------------------------------------- - - name: Empty APLOGNO() test - env: | - SKIP_TESTING=1 - TEST_LOGNO=1 - # ------------------------------------------------------------------------- - - name: Default - # ------------------------------------------------------------------------- - - name: All-static modules - config: --enable-mods-static=reallyall - # ------------------------------------------------------------------------- - - name: Prefork MPM, all-modules (except cgid) - config: --enable-mods-shared=reallyall --with-mpm=prefork --disable-cgid - # ------------------------------------------------------------------------- - - name: Worker MPM, all-modules - config: --enable-mods-shared=reallyall --with-mpm=worker - # ------------------------------------------------------------------------- - - name: Shared MPMs, all-modules - config: --enable-mods-shared=reallyall --enable-mpms-shared=all - # ------------------------------------------------------------------------- - - name: Event MPM, all-modules, mod_cgid only - config: --enable-mods-shared=reallyall --with-mpm=event --disable-cgi - # ------------------------------------------------------------------------- - - name: Event MPM, all-modules, no CMSG_DATA - config: --enable-mods-shared=reallyall --with-mpm=event ac_cv_have_decl_CMSG_DATA=no - # ------------------------------------------------------------------------- - - name: Default, all-modules + install - config: --enable-mods-shared=reallyall - env: | - TEST_INSTALL=1 - APACHE_TEST_EXTRA_ARGS=-v - # ------------------------------------------------------------------------- - - name: Default, all-modules, random test order - config: --enable-mods-shared=reallyall - env: | - TEST_ARGS=-order=random - # ------------------------------------------------------------------------- - - name: GCC 10 maintainer-mode w/-Werror, install + VPATH - config: 
--enable-mods-shared=reallyall --enable-maintainer-mode - notest-cflags: -Werror -O2 - env: | - CC=gcc-10 - TEST_VPATH=1 - TEST_INSTALL=1 - SKIP_TESTING=1 - # ------------------------------------------------------------------------- - - name: All-modules, APR 1.7.4, APR-util 1.6.3 - config: --enable-mods-shared=reallyall - env: | - APR_VERSION=1.7.4 - APU_VERSION=1.6.3 - APU_CONFIG="--with-crypto --with-ldap" - # ------------------------------------------------------------------------- - - name: APR 1.8.x, APR-util 1.7.x - config: --enable-mods-shared=reallyall - env: | - APR_VERSION=1.8.x - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: Pool-debug - config: --enable-mods-shared=reallyall - env: | - APR_VERSION=1.7.x - APR_CONFIG="--enable-pool-debug" - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - TEST_MALLOC=1 - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: Shared MPMs (event), pool-debug, SSL/TLS variants - config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=event - env: | - APR_VERSION=1.7.x - APR_CONFIG="--enable-pool-debug" - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - TEST_MALLOC=1 - TEST_SSL=1 - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: Shared MPMs (worker), pool-debug, SSL/TLS variants - config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=worker - env: | - APR_VERSION=1.7.x - APR_CONFIG="--enable-pool-debug" - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - TEST_MALLOC=1 - TEST_SSL=1 - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: Shared MPMs (prefork), pool-debug, SSL/TLS variants - config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=prefork - env: | - 
APR_VERSION=1.7.x - APR_CONFIG="--enable-pool-debug" - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - TEST_MALLOC=1 - TEST_SSL=1 - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: litmus WebDAV tests - config: --enable-dav --enable-dav-fs - env: | - LITMUS=1 - TESTS="t/modules/dav.t" - pkgs: litmus - # ------------------------------------------------------------------------- - - name: litmus WebDAV tests, APR trunk, LMDB - config: --enable-dav --enable-dav-fs - pkgs: litmus liblmdb-dev - env: | - APR_VERSION=trunk - APR_CONFIG="--with-lmdb --with-dbm=lmdb" - LITMUS=1 - TESTS="t/modules/dav.t" - # ------------------------------------------------------------------------- - # MFLAGS= works around https://bz.apache.org/bugzilla/show_bug.cgi?id=63942 - ## TODO if: *condition_not_24x - - name: Regenerate ap_expr - config: --enable-mods-shared=reallyall --enable-maintainer-mode - notest-cflags: -Werror -Wno-deprecated-declarations - env: | - BUILDCONFIG="--with-regen-expr" - MFLAGS= - # ------------------------------------------------------------------------- - - name: APR 1.7.4, APR-util 1.6.3, LDAP - config: --enable-mods-shared=reallyall - pkgs: ldap-utils + - name: OpenSSL 3.2 build + config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto env: | + TEST_OPENSSL3=3.1.5 APR_VERSION=1.7.4 APU_VERSION=1.6.3 - APU_CONFIG="--with-crypto --with-ldap" - TEST_MALLOC=1 - TEST_LDAP=1 - TEST_ARGS="-defines LDAP" - TESTS="t/modules/" - # ------------------------------------------------------------------------- - ### TODO: if: *condition_not_24x - - name: APR trunk thread debugging - config: --enable-mods-shared=reallyall --with-mpm=event - env: | - APR_VERSION=trunk - APR_CONFIG="--with-crypto --enable-thread-debug" - # ------------------------------------------------------------------------- - - name: UBSan - notest-cflags: -fsanitize=undefined 
-fno-sanitize-recover=undefined - config: --enable-mods-shared=reallyall --disable-http2 - env: | - NOTEST_LIBS=-lubsan - TEST_UBSAN=1 - # ------------------------------------------------------------------------- - - name: ASan - notest-cflags: -ggdb -fsanitize=address -fno-sanitize-recover=address -fno-omit-frame-pointer - config: --enable-mods-shared=reallyall - env: | - APR_VERSION=1.7.x - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - TEST_ASAN=1 - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: ASan, pool-debug - notest-cflags: -ggdb -fsanitize=address -fno-sanitize-recover=address -fno-omit-frame-pointer - config: --enable-mods-shared=reallyall - env: | - APR_VERSION=1.7.x - APR_CONFIG="--enable-pool-debug" - APU_VERSION=1.7.x - APU_CONFIG="--with-crypto --with-ldap" - TEST_ASAN=1 - CLEAR_CACHE=1 - # ------------------------------------------------------------------------- - - name: HTTP/2 test suite - config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=all - pkgs: curl python3-pytest nghttp2-client python3-cryptography python3-requests python3-multipart python3-filelock python3-websockets + APU_CONFIG="--without-crypto" + - name: OpenSSL 3.2 -Werror build + config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto + notest-cflags: -Werror -O2 -Wno-deprecated-declarations env: | + TEST_OPENSSL3=3.1.5 APR_VERSION=1.7.4 APU_VERSION=1.6.3 - APU_CONFIG="--with-crypto" - NO_TEST_FRAMEWORK=1 - TEST_INSTALL=1 - TEST_H2=1 - TEST_CORE=1 - TEST_PROXY=1 - # ------------------------------------------------------------------------- - ### TODO: if: *condition_not_24x - ### TODO: pebble install is broken. 
- # - name: ACME test suite - # config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=event - # pkgs: >- - # python3-pytest nghttp2-client python3-cryptography python3-requests python3-filelock - # golang-1.17 curl - # env: | - # APR_VERSION=1.7.4 - # APU_VERSION=1.6.3 - # APU_CONFIG="--with-crypto" - # GOROOT=/usr/lib/go-1.17 - # NO_TEST_FRAMEWORK=1 - # TEST_INSTALL=1 - # TEST_MD=1 - # ------------------------------------------------------------------------- - ### TODO: if: *condition_not_24x - - name: MOD_TLS test suite - config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=event - pkgs: curl python3-pytest nghttp2-client python3-cryptography python3-requests python3-multipart python3-filelock python3-websockets cargo cbindgen + APU_CONFIG="--without-crypto" + - name: OpenSSL 3.2 no-engine build + config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto env: | + TEST_OPENSSL3=3.1.5 + OPENSSL_CONFIG=no-engine APR_VERSION=1.7.4 APU_VERSION=1.6.3 - APU_CONFIG="--with-crypto" - RUSTLS_VERSION="v0.10.0" - NO_TEST_FRAMEWORK=1 - TEST_INSTALL=1 - TEST_MOD_TLS=1 - - name: Configured w/reduced exports - config: --enable-reduced-exports --enable-maintainer-mode - env: | - SKIP_TESTING=1 - TEST_INSTALL=1 - # ------------------------------------------------------------------------- - ### TODO if: *condition_not_24x - ### TODO: Fails because :i386 packages are not being found. 
- # - name: i386 Shared MPMs, most modules, maintainer-mode w/-Werror - # config: --enable-mods-shared=reallyall --disable-xml2enc --disable-proxy-html --enable-mpms-shared=all --enable-maintainer-mode - # pkgs: >- - # cpanminus libc6-dev-i386 gcc-multilib libexpat1-dev:i386 libssl-dev:i386 - # lib32z1-dev libbrotli-dev:i386 libpcre2-dev:i386 libldap2-dev:i386 libtool-bin - # perl-doc libapr1-dev libbrotli-dev:i386 - # env: | - # PKG_CONFIG_PATH="/usr/lib/i386-linux-gnu/pkgconfig" - # NOTEST_CFLAGS="-Werror" - # CC="gcc -m32" - # APR_VERSION=1.7.0 - # APU_VERSION=1.6.3 - # APU_CONFIG="--with-crypto --with-ldap" + APU_CONFIG="--without-crypto" runs-on: ubuntu-latest timeout-minutes: 30 env: diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index 689da3066dc..70aac404ce9 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -979,21 +979,19 @@ apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p, const char *certid, const char *keyid, X509 **pubkey, EVP_PKEY **privkey) { -#if MODSSL_HAVE_OPENSSL_STORE +#if MODSSL_HAVE_ENGINE_API SSLModConfigRec *mc = myModConfig(s); /* For OpenSSL 3.x, use the STORE-based API if either ENGINE * support was not present compile-time, or if it's built but * SSLCryptoDevice is not configured. */ -#if MODSSL_HAVE_ENGINE_API - if (!mc->szCryptoDevice) + if (mc->szCryptoDevice) + return modssl_load_keypair_engine(s, p, vhostid, certid, keyid, + pubkey, privkey); #endif - return modssl_load_keypair_store(s, p, vhostid, certid, keyid, - pubkey, privkey); -#endif -#if MODSSL_HAVE_ENGINE_API - return modssl_load_keypair_engine(s, p, vhostid, certid, keyid, - pubkey, privkey); +#if MODSSL_HAVE_OPENSSL_STORE + return modssl_load_keypair_store(s, p, vhostid, certid, keyid, + pubkey, privkey); #else return APR_ENOTIMPL; #endif diff --git a/test/travis_before_linux.sh b/test/travis_before_linux.sh index 58c1337b380..e67931847ba 100755 --- a/test/travis_before_linux.sh 
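Review bot: The three added matrix entries are named "OpenSSL 3.2 …" but each sets `TEST_OPENSSL3=3.1.5`, so the job labels claim a release line that the build does not fetch. Either rename them to match, e.g. `- name: OpenSSL 3.1.5 build`, or point `TEST_OPENSSL3` at a 3.2 release. The same hunk also removes every other entry, including the ASan, UBSan, pool-debug and HTTP/2 suites. If this is meant to land rather than serve as a temporary CI run, the mod_ssl key-loading change in this commit is then tested without any sanitizer coverage.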
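Review bot: With ENGINE support compiled in but no STORE API, an unset `SSLCryptoDevice` now falls through to `return APR_ENOTIMPL;`, whereas the removed code called modssl_load_keypair_engine() unconditionally in that configuration. If that function was what reported the missing SSLCryptoDevice (its body is not visible here), the operator now gets only a bare not-implemented status, so confirm the caller logs which key failed to load and why. The retained comment also describes the STORE path while sitting directly above the ENGINE branch. I would reword it to `/* Use the ENGINE API only if SSLCryptoDevice is configured; otherwise fall through to the STORE-based loader when available. */`. The function begins before the hunk and its closing brace is outside it.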
+++ b/test/travis_before_linux.sh @@ -115,7 +115,7 @@ if test -v TEST_OPENSSL3; then curl "https://www.openssl.org/source/openssl-${TEST_OPENSSL3}.tar.gz" | tar -xzf - cd openssl-${TEST_OPENSSL3} - ./Configure --prefix=$HOME/root/openssl3 shared no-tests + ./Configure --prefix=$HOME/root/openssl3 shared no-tests ${OPENSSL_CONFIG} make $MFLAGS make install_sw touch $HOME/root/openssl-is-${TEST_OPENSSL3} diff --git a/test/travis_run_linux.sh b/test/travis_run_linux.sh index 19ccb601b15..1b90879ea65 100755 --- a/test/travis_run_linux.sh +++ b/test/travis_run_linux.sh @@ -62,6 +62,8 @@ fi if test -v TEST_OPENSSL3; then CONFIG="$CONFIG --with-ssl=$HOME/root/openssl3" export LD_LIBRARY_PATH=$HOME/root/openssl3/lib:$HOME/root/openssl3/lib64 + export PATH=$HOME/root/openssl3/bin:$PATH + openssl version fi srcdir=$PWD
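Review bot: The marker written by `touch $HOME/root/openssl-is-${TEST_OPENSSL3}` is keyed on the version only, so once `${OPENSSL_CONFIG}` differs between jobs a tree built with ENGINE support cannot be told apart from a `no-engine` one. If `$HOME/root` is cached and shared across matrix entries (the cache test is outside this hunk), the no-engine job could build against the wrong library and still pass. Consider folding the options into the marker, e.g. `touch "$HOME/root/openssl-is-${TEST_OPENSSL3}${OPENSSL_CONFIG:+-$OPENSSL_CONFIG}"`, with the matching change where the marker is tested. Two of the three jobs leave the variable unset, so `${OPENSSL_CONFIG:-}` on the `./Configure` line would keep the expansion safe should the script run under `set -u`.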
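Review bot: The added `openssl version` only prints what is first on `PATH`; it does not fail the job when that is not the freshly built `${TEST_OPENSSL3}`. If `$HOME/root/openssl3/bin` is missing or the cached tree is stale, the system binary answers and the run continues unnoticed. Asserting the version makes the check meaningful, e.g. `openssl version | grep -F "OpenSSL ${TEST_OPENSSL3} "`, assuming the script aborts on a non-zero status (not visible in this hunk). Quoting the assignment as `export PATH="$HOME/root/openssl3/bin:$PATH"` would also be more robust.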