Public CI workers has pretty high load, and sometimes you need to test
only specific workflow, i.e. windows.
So let's add ability to limit which workflow should be run.
* openssl-3:
ci: use ubuntu 22.04 with OpenSSl 3.0 instead of building OpenSSL from sources
ci: set LD_LIBRARY_PATH for openssl 3.0 build
test: suppress warning for already defined SSL_get_peer_certificate
autotools: print $OPENSSL_LIBS/$OPENSSL_INCS
Suppress -Wunused-value for BIO_set_close()
Use OPENSSL_VERSION_NUMBER over OPENSSL_VERSION_MAJOR (for compatibility)
Attempt to add OpenSSL 3 to the Linux build matrix
Initial OpenSSL 3.0 support
Fixes:
/home/runner/work/libevent/libevent/build/test/.libs/regress: error while loading shared libraries: libssl.so.3: cannot open shared object file: No such file or directory
build report:
[1/2] Building C object CMakeFiles/regress.dir/test/regress_mbedtls.c.o
/src/le/libevent/test/regress_mbedtls.c:50: warning: "SSL_get_peer_certificate" redefined
50 | #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
|
In file included from /src/le/libevent/test/regress.h:139,
from /src/le/libevent/test/regress_mbedtls.c:35:
/src/oss/openssl/include/openssl/ssl.h:1799: note: this is the location of the previous definition
1799 | # define SSL_get_peer_certificate SSL_get1_peer_certificate
|
[2/2] Linking C executable bin/regress
But this should be cleaned up.
Since OpenSSL 3.0 there is new OPENSSL_VERSION_MAJOR, but previous
releases does not have it.
So let's use plain old OPENSSL_VERSION_NUMBER to avoid more preprocessor
macros.
* Don't use deprecated functions when building against OpenSSL 3.0.
* Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol.
error in addition to the expected IO error produced by OpenSSL 1.1.1
* Update regress_mbedtls.c for compatibility with OpenSSL 3
* mbedtls-3:
sample/ssl-client-mbedtls.c: fix for MbedTLS 3
sample/ssl-client-mbedtls.c: break the loop on EOF
sample/ssl-client-mbedtls.c: fix printing response in readcb
Initial Mbed-TLS 3 support to get the GitHub Actions working again
Support build dir of the MbedTLS
@ploxiln:
On current homebrew, openssl@1.1 is the only openssl:
[pierce@plo-mbp15 libevent]$ brew --prefix openssl
/usr/local/opt/openssl@1.1
[pierce@plo-mbp15 libevent]$ brew info openssl
openssl@1.1: stable 1.1.1g (bottled) [keg-only]
Cryptography and SSL/TLS Toolkit
@fanquake
Indeed. OpenSSL 1.0 was removed from homebew in Homebrew/homebrew-core#46876. Related discussion also in Homebrew/homebrew-core#46454.
* fix-brew-autodetection:
ci: fix cmake build w/o OPENSSL_ROOT_DIR
ci: remove separate build for BREW_AUTODETECT_OPENSSL (use it by default)
autotools: fix autodetection of openssl location via brew
mingw has upgraded to Mbed-TLS 3.1.0, so all the mingw tests that need
Mbed-TLS currently don't work.
v2: add missing mbedtls/version.h into test/regress_mbedtls.c
v3: suppress #warning "Including compat-2.x.h is deprecated" for mbedtls/compat-2.x.h
Error
configure.ac:291: warning: AC_CHECK_FUNCS(getnameinfo
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(getprotobynumber
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(getservbyname
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(inet_ntop
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(inet_pton
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
In function evconnlistener_new_bind() after go to "err:", The
evutil_closesocket() would clear the error code( I found this under
Windows ). User can not use EVUTIL_SOCKET_ERROR() to get the
evconnlistener_new_bind()'s failing error.
I add a err_code variable to store and restore the last error code.
v2: rebased by azat to make the patch simpler
* Werror:
test: ignore -Walloc-size-larger-than error for calloc() returns ENOMEM
Fix EVBASE_ACQUIRE_LOCK/EVBASE_RELEASE_LOCK for EVENT__DISABLE_THREAD_SUPPORT
http: suppress "flags may be used uninitialized in this function" error
Detech -Wno-unused-functions for GCC too
cmake: add compiler version to the status message
Fix BEV_LOCK/BEV_UNLOCK macros for EVENT__DISABLE_THREAD_SUPPORT
Run builds with -Werror on CI for linux
Fix -Werror for autotools
Add -Wundef for cmake and fix EVENT__SIZEOF_TIME_T usage
Compiler report:
/home/runner/work/libevent/libevent/test/regress_util.c: In function ‘test_event_calloc’:
/home/runner/work/libevent/libevent/test/regress_util.c:1318:4: error: argument 2 value ‘9223372036854775815’ exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
p = mm_calloc(EV_SIZE_MAX/2, EV_SIZE_MAX/2 + 8);
In file included from /home/runner/work/libevent/libevent/test/../util-internal.h:37:0,
from /home/runner/work/libevent/libevent/test/regress_util.c:30:
/usr/include/stdlib.h:541:14: note: in a call to allocation function ‘calloc’ declared here
extern void *calloc (size_t __nmemb, size_t __size)
v2: clang on CI does not have this option
Some GCC reports [1]:
/home/runner/work/libevent/libevent/http.c: In function ‘evhttp_make_header’:
/home/runner/work/libevent/libevent/http.c:503:14: error: ‘flags’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
ev_uint16_t flags;
^~~~~
/home/runner/work/libevent/libevent/http.c: In function ‘evhttp_get_body’:
/home/runner/work/libevent/libevent/http.c:2354:14: error: ‘flags’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
ev_uint16_t flags;
^~~~~
[1]: https://github.com/libevent/libevent/runs/7263518338?check_suite_focus=true#logs
Otherwise build fails [1]:
/home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/minheap-internal.h:64:6: error: ‘min_heap_ctor_’ defined but not used [-Werror=unused-function]
void min_heap_ctor_(min_heap_t* s) { s->p = 0; s->n = 0; s->a = 0; }
^~~~~~~~~~~~~~
In file included from /home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/buffer.c:91:0:
/home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/bufferevent-internal.h:414:1: error: ‘bufferevent_trigger_nolock_’ defined but not used [-Werror=unused-function]
bufferevent_trigger_nolock_(struct bufferevent *bufev, short iotype, int options)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/buffer.c:89:0:
/home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/evthread-internal.h:140:1: error: ‘EVLOCK_TRY_LOCK_’ defined but not used [-Werror=unused-function]
EVLOCK_TRY_LOCK_(void *lock)
[1]: https://github.com/libevent/libevent/runs/7263518180?check_suite_focus=true
These are updates to help with OpenSSL 3 compilation. I found
https://github.com/libevent/libevent/pull/1288 after I started this, but
these seem independent, and fix a different set of problems:
- First off, OpenSSL 3 does not by default allow signing with SHA1
digests - moving this to SHA256 universally at this point seems a
better idea than continuing to use the insecure SHA1 for older OpenSSL
versions. This fixes X509_sign failing in regress_openssl for a number
of tests, eg:
```
regress: http/https_openssl_basic:
FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_filter_basic:
FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_simple:
...
```
- Secondly, when using TLS 1.3, there's no support for renegotiation, so
for the renegotiation tests, we need to disable TLS v1.3, and expect
to negotiate TLS 1.1 or 1.2
Fixes: #661
* upstream/pr/1291:
OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support
OpenSSL 3 fixes: use SHA256 instead of SHA1
Otherwise GCC will warn. i.e:
```bash
CCLD libevent_openssl.la
cc1: note: unrecognized command-line option ‘-Wno-void-pointer-to-enum-cast’
may have been intended to silence earlier diagnostics
CCLD libevent_mbedtls.la
```
TLS 1.3 does not support renegotation - it has been removed from the
protocol. Disable TLS 1.3 when testing this, so we negotiate an older
protocol version
I found the correct path by looking at the _Disable Key Refresh_ step in
_mingw::autotools::set up msys2_ task
(https://github.com/rectified95/libevent/runs/5858227589?check_suite_focus=true)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "((Get-Content -path **D:\a\_temp\msys64**\etc\post-install\07-pacman-key.post -Raw) ...
The Windows CI is failing at the prepare vcpkg step while installing zlib
Changing the vcpkg commit hash to point to latest release
https://github.com/microsoft/vcpkg/releases/tag/2022.03.10 as opposed to
sometime in 2019 to see if that fixes it.
In ce8be2385b5fee16859a630fca0c98ad290c8e21 ("cmake: set rpath for
libraries on linux") RPATH was first instroduced.
Later in 6d09efe8686de824adf3d8810bbe0d5c386643e4 ("Set RPATH only if
installation is done into non system directory") it was set only if it
was installed to non system directory.
But absolute RPATH not a good default, let's change this.
Fixes: #920
