Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Try OpenSSL 3.2.0 build. #415

Closed
wants to merge 7 commits into from
+24 −239
Closed

Try OpenSSL 3.2.0 build. #415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
1e43793
Try OpenSSL 3.2.0 build.
notroj Feb 29, 2024
59c4dc6
Try just OpenSSL 3.2.0 build.
notroj Feb 29, 2024
8b7c1fb
Avoid deprecation warnings in APR.
notroj Feb 29, 2024
91f53b6
Disable modules which may pull in a conflicting OpenSSL.
notroj Feb 29, 2024
d88185c
Disable APR-util crypto support.
notroj Feb 29, 2024
d47e559
Disable more modules.
notroj Feb 29, 2024
000dcb9
Try OpenSSL 3.1.5.
notroj Feb 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
243 changes: 14 additions & 229 deletions .github/workflows/linux.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,244 +28,29 @@ jobs:
fail-fast: false
matrix:
include:
# -------------------------------------------------------------------------
- name: Empty APLOGNO() test
env: |
SKIP_TESTING=1
TEST_LOGNO=1
# -------------------------------------------------------------------------
- name: Default
# -------------------------------------------------------------------------
- name: All-static modules
config: --enable-mods-static=reallyall
# -------------------------------------------------------------------------
- name: Prefork MPM, all-modules (except cgid)
config: --enable-mods-shared=reallyall --with-mpm=prefork --disable-cgid
# -------------------------------------------------------------------------
- name: Worker MPM, all-modules
config: --enable-mods-shared=reallyall --with-mpm=worker
# -------------------------------------------------------------------------
- name: Shared MPMs, all-modules
config: --enable-mods-shared=reallyall --enable-mpms-shared=all
# -------------------------------------------------------------------------
- name: Event MPM, all-modules, mod_cgid only
config: --enable-mods-shared=reallyall --with-mpm=event --disable-cgi
# -------------------------------------------------------------------------
- name: Event MPM, all-modules, no CMSG_DATA
config: --enable-mods-shared=reallyall --with-mpm=event ac_cv_have_decl_CMSG_DATA=no
# -------------------------------------------------------------------------
- name: Default, all-modules + install
config: --enable-mods-shared=reallyall
env: |
TEST_INSTALL=1
APACHE_TEST_EXTRA_ARGS=-v
# -------------------------------------------------------------------------
- name: Default, all-modules, random test order
config: --enable-mods-shared=reallyall
env: |
TEST_ARGS=-order=random
# -------------------------------------------------------------------------
- name: GCC 10 maintainer-mode w/-Werror, install + VPATH
config: --enable-mods-shared=reallyall --enable-maintainer-mode
notest-cflags: -Werror -O2
env: |
CC=gcc-10
TEST_VPATH=1
TEST_INSTALL=1
SKIP_TESTING=1
# -------------------------------------------------------------------------
- name: All-modules, APR 1.7.4, APR-util 1.6.3
config: --enable-mods-shared=reallyall
env: |
APR_VERSION=1.7.4
APU_VERSION=1.6.3
APU_CONFIG="--with-crypto --with-ldap"
# -------------------------------------------------------------------------
- name: APR 1.8.x, APR-util 1.7.x
config: --enable-mods-shared=reallyall
env: |
APR_VERSION=1.8.x
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: Pool-debug
config: --enable-mods-shared=reallyall
env: |
APR_VERSION=1.7.x
APR_CONFIG="--enable-pool-debug"
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
TEST_MALLOC=1
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: Shared MPMs (event), pool-debug, SSL/TLS variants
config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=event
env: |
APR_VERSION=1.7.x
APR_CONFIG="--enable-pool-debug"
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
TEST_MALLOC=1
TEST_SSL=1
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: Shared MPMs (worker), pool-debug, SSL/TLS variants
config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=worker
env: |
APR_VERSION=1.7.x
APR_CONFIG="--enable-pool-debug"
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
TEST_MALLOC=1
TEST_SSL=1
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: Shared MPMs (prefork), pool-debug, SSL/TLS variants
config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=prefork
env: |
APR_VERSION=1.7.x
APR_CONFIG="--enable-pool-debug"
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
TEST_MALLOC=1
TEST_SSL=1
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: litmus WebDAV tests
config: --enable-dav --enable-dav-fs
env: |
LITMUS=1
TESTS="t/modules/dav.t"
pkgs: litmus
# -------------------------------------------------------------------------
- name: litmus WebDAV tests, APR trunk, LMDB
config: --enable-dav --enable-dav-fs
pkgs: litmus liblmdb-dev
env: |
APR_VERSION=trunk
APR_CONFIG="--with-lmdb --with-dbm=lmdb"
LITMUS=1
TESTS="t/modules/dav.t"
# -------------------------------------------------------------------------
# MFLAGS= works around https://bz.apache.org/bugzilla/show_bug.cgi?id=63942
## TODO if: *condition_not_24x
- name: Regenerate ap_expr
config: --enable-mods-shared=reallyall --enable-maintainer-mode
notest-cflags: -Werror -Wno-deprecated-declarations
env: |
BUILDCONFIG="--with-regen-expr"
MFLAGS=
# -------------------------------------------------------------------------
- name: APR 1.7.4, APR-util 1.6.3, LDAP
config: --enable-mods-shared=reallyall
pkgs: ldap-utils
- name: OpenSSL 3.2 build
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto
env: |
TEST_OPENSSL3=3.1.5
APR_VERSION=1.7.4
APU_VERSION=1.6.3
APU_CONFIG="--with-crypto --with-ldap"
TEST_MALLOC=1
TEST_LDAP=1
TEST_ARGS="-defines LDAP"
TESTS="t/modules/"
# -------------------------------------------------------------------------
### TODO: if: *condition_not_24x
- name: APR trunk thread debugging
config: --enable-mods-shared=reallyall --with-mpm=event
env: |
APR_VERSION=trunk
APR_CONFIG="--with-crypto --enable-thread-debug"
# -------------------------------------------------------------------------
- name: UBSan
notest-cflags: -fsanitize=undefined -fno-sanitize-recover=undefined
config: --enable-mods-shared=reallyall --disable-http2
env: |
NOTEST_LIBS=-lubsan
TEST_UBSAN=1
# -------------------------------------------------------------------------
- name: ASan
notest-cflags: -ggdb -fsanitize=address -fno-sanitize-recover=address -fno-omit-frame-pointer
config: --enable-mods-shared=reallyall
env: |
APR_VERSION=1.7.x
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
TEST_ASAN=1
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: ASan, pool-debug
notest-cflags: -ggdb -fsanitize=address -fno-sanitize-recover=address -fno-omit-frame-pointer
config: --enable-mods-shared=reallyall
env: |
APR_VERSION=1.7.x
APR_CONFIG="--enable-pool-debug"
APU_VERSION=1.7.x
APU_CONFIG="--with-crypto --with-ldap"
TEST_ASAN=1
CLEAR_CACHE=1
# -------------------------------------------------------------------------
- name: HTTP/2 test suite
config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=all
pkgs: curl python3-pytest nghttp2-client python3-cryptography python3-requests python3-multipart python3-filelock python3-websockets
APU_CONFIG="--without-crypto"
- name: OpenSSL 3.2 -Werror build
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto
notest-cflags: -Werror -O2 -Wno-deprecated-declarations
env: |
TEST_OPENSSL3=3.1.5
APR_VERSION=1.7.4
APU_VERSION=1.6.3
APU_CONFIG="--with-crypto"
NO_TEST_FRAMEWORK=1
TEST_INSTALL=1
TEST_H2=1
TEST_CORE=1
TEST_PROXY=1
# -------------------------------------------------------------------------
### TODO: if: *condition_not_24x
### TODO: pebble install is broken.
# - name: ACME test suite
# config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=event
# pkgs: >-
# python3-pytest nghttp2-client python3-cryptography python3-requests python3-filelock
# golang-1.17 curl
# env: |
# APR_VERSION=1.7.4
# APU_VERSION=1.6.3
# APU_CONFIG="--with-crypto"
# GOROOT=/usr/lib/go-1.17
# NO_TEST_FRAMEWORK=1
# TEST_INSTALL=1
# TEST_MD=1
# -------------------------------------------------------------------------
### TODO: if: *condition_not_24x
- name: MOD_TLS test suite
config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=event
pkgs: curl python3-pytest nghttp2-client python3-cryptography python3-requests python3-multipart python3-filelock python3-websockets cargo cbindgen
APU_CONFIG="--without-crypto"
- name: OpenSSL 3.2 no-engine build
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto
env: |
TEST_OPENSSL3=3.1.5
OPENSSL_CONFIG=no-engine
APR_VERSION=1.7.4
APU_VERSION=1.6.3
APU_CONFIG="--with-crypto"
RUSTLS_VERSION="v0.10.0"
NO_TEST_FRAMEWORK=1
TEST_INSTALL=1
TEST_MOD_TLS=1
- name: Configured w/reduced exports
config: --enable-reduced-exports --enable-maintainer-mode
env: |
SKIP_TESTING=1
TEST_INSTALL=1
# -------------------------------------------------------------------------
### TODO if: *condition_not_24x
### TODO: Fails because :i386 packages are not being found.
# - name: i386 Shared MPMs, most modules, maintainer-mode w/-Werror
# config: --enable-mods-shared=reallyall --disable-xml2enc --disable-proxy-html --enable-mpms-shared=all --enable-maintainer-mode
# pkgs: >-
# cpanminus libc6-dev-i386 gcc-multilib libexpat1-dev:i386 libssl-dev:i386
# lib32z1-dev libbrotli-dev:i386 libpcre2-dev:i386 libldap2-dev:i386 libtool-bin
# perl-doc libapr1-dev libbrotli-dev:i386
# env: |
# PKG_CONFIG_PATH="/usr/lib/i386-linux-gnu/pkgconfig"
# NOTEST_CFLAGS="-Werror"
# CC="gcc -m32"
# APR_VERSION=1.7.0
# APU_VERSION=1.6.3
# APU_CONFIG="--with-crypto --with-ldap"
APU_CONFIG="--without-crypto"
runs-on: ubuntu-latest
timeout-minutes: 30
env:
Expand Down
16 changes: 7 additions & 9 deletions modules/ssl/ssl_engine_pphrase.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -979,21 +979,19 @@ apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p,
const char *certid, const char *keyid,
X509 **pubkey, EVP_PKEY **privkey)
{
#if MODSSL_HAVE_OPENSSL_STORE
#if MODSSL_HAVE_ENGINE_API
SSLModConfigRec *mc = myModConfig(s);

/* For OpenSSL 3.x, use the STORE-based API if either ENGINE
* support was not present compile-time, or if it's built but
* SSLCryptoDevice is not configured. */
#if MODSSL_HAVE_ENGINE_API
if (!mc->szCryptoDevice)
if (mc->szCryptoDevice)
return modssl_load_keypair_engine(s, p, vhostid, certid, keyid,
pubkey, privkey);
#endif
return modssl_load_keypair_store(s, p, vhostid, certid, keyid,
pubkey, privkey);
#endif
#if MODSSL_HAVE_ENGINE_API
return modssl_load_keypair_engine(s, p, vhostid, certid, keyid,
pubkey, privkey);
#if MODSSL_HAVE_OPENSSL_STORE
return modssl_load_keypair_store(s, p, vhostid, certid, keyid,
pubkey, privkey);
#else
return APR_ENOTIMPL;
#endif
Expand Down
2 changes: 1 addition & 1 deletion test/travis_before_linux.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ if test -v TEST_OPENSSL3; then
curl "https://www.openssl.org/source/openssl-${TEST_OPENSSL3}.tar.gz" |
tar -xzf -
cd openssl-${TEST_OPENSSL3}
./Configure --prefix=$HOME/root/openssl3 shared no-tests
./Configure --prefix=$HOME/root/openssl3 shared no-tests ${OPENSSL_CONFIG}
make $MFLAGS
make install_sw
touch $HOME/root/openssl-is-${TEST_OPENSSL3}
Expand Down
2 changes: 2 additions & 0 deletions test/travis_run_linux.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ fi
if test -v TEST_OPENSSL3; then
CONFIG="$CONFIG --with-ssl=$HOME/root/openssl3"
export LD_LIBRARY_PATH=$HOME/root/openssl3/lib:$HOME/root/openssl3/lib64
export PATH=$HOME/root/openssl3/bin:$PATH
openssl version
fi

srcdir=$PWD
Expand Down
Loading