build report:
[1/2] Building C object CMakeFiles/regress.dir/test/regress_mbedtls.c.o
/src/le/libevent/test/regress_mbedtls.c:50: warning: "SSL_get_peer_certificate" redefined
50 | #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
|
In file included from /src/le/libevent/test/regress.h:139,
from /src/le/libevent/test/regress_mbedtls.c:35:
/src/oss/openssl/include/openssl/ssl.h:1799: note: this is the location of the previous definition
1799 | # define SSL_get_peer_certificate SSL_get1_peer_certificate
|
[2/2] Linking C executable bin/regress
But this should be cleaned up.
Since OpenSSL 3.0 there is new OPENSSL_VERSION_MAJOR, but previous
releases does not have it.
So let's use plain old OPENSSL_VERSION_NUMBER to avoid more preprocessor
macros.
* Don't use deprecated functions when building against OpenSSL 3.0.
* Recognise that OpenSSL 3.0 can signal a dirty shutdown as a protocol.
error in addition to the expected IO error produced by OpenSSL 1.1.1
* Update regress_mbedtls.c for compatibility with OpenSSL 3
* mbedtls-3:
sample/ssl-client-mbedtls.c: fix for MbedTLS 3
sample/ssl-client-mbedtls.c: break the loop on EOF
sample/ssl-client-mbedtls.c: fix printing response in readcb
Initial Mbed-TLS 3 support to get the GitHub Actions working again
Support build dir of the MbedTLS
@ploxiln:
On current homebrew, openssl@1.1 is the only openssl:
[pierce@plo-mbp15 libevent]$ brew --prefix openssl
/usr/local/opt/openssl@1.1
[pierce@plo-mbp15 libevent]$ brew info openssl
openssl@1.1: stable 1.1.1g (bottled) [keg-only]
Cryptography and SSL/TLS Toolkit
@fanquake
Indeed. OpenSSL 1.0 was removed from homebew in Homebrew/homebrew-core#46876. Related discussion also in Homebrew/homebrew-core#46454.
* fix-brew-autodetection:
ci: fix cmake build w/o OPENSSL_ROOT_DIR
ci: remove separate build for BREW_AUTODETECT_OPENSSL (use it by default)
autotools: fix autodetection of openssl location via brew
mingw has upgraded to Mbed-TLS 3.1.0, so all the mingw tests that need
Mbed-TLS currently don't work.
v2: add missing mbedtls/version.h into test/regress_mbedtls.c
v3: suppress #warning "Including compat-2.x.h is deprecated" for mbedtls/compat-2.x.h
Error
configure.ac:291: warning: AC_CHECK_FUNCS(getnameinfo
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(getprotobynumber
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(getservbyname
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(inet_ntop
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
configure.ac:291: warning: AC_CHECK_FUNCS(inet_pton
): you should use literals
../autoconf-2.71/lib/autoconf/functions.m4:117: AC_CHECK_FUNCS is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:692: _AS_IF_ELSE is expanded from...
../autoconf-2.71/lib/m4sugar/m4sh.m4:699: AS_IF is expanded from...
configure.ac:291: the top level
In function evconnlistener_new_bind() after go to "err:", The
evutil_closesocket() would clear the error code( I found this under
Windows ). User can not use EVUTIL_SOCKET_ERROR() to get the
evconnlistener_new_bind()'s failing error.
I add a err_code variable to store and restore the last error code.
v2: rebased by azat to make the patch simpler
* Werror:
test: ignore -Walloc-size-larger-than error for calloc() returns ENOMEM
Fix EVBASE_ACQUIRE_LOCK/EVBASE_RELEASE_LOCK for EVENT__DISABLE_THREAD_SUPPORT
http: suppress "flags may be used uninitialized in this function" error
Detech -Wno-unused-functions for GCC too
cmake: add compiler version to the status message
Fix BEV_LOCK/BEV_UNLOCK macros for EVENT__DISABLE_THREAD_SUPPORT
Run builds with -Werror on CI for linux
Fix -Werror for autotools
Add -Wundef for cmake and fix EVENT__SIZEOF_TIME_T usage
Compiler report:
/home/runner/work/libevent/libevent/test/regress_util.c: In function ‘test_event_calloc’:
/home/runner/work/libevent/libevent/test/regress_util.c:1318:4: error: argument 2 value ‘9223372036854775815’ exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
p = mm_calloc(EV_SIZE_MAX/2, EV_SIZE_MAX/2 + 8);
In file included from /home/runner/work/libevent/libevent/test/../util-internal.h:37:0,
from /home/runner/work/libevent/libevent/test/regress_util.c:30:
/usr/include/stdlib.h:541:14: note: in a call to allocation function ‘calloc’ declared here
extern void *calloc (size_t __nmemb, size_t __size)
v2: clang on CI does not have this option
Some GCC reports [1]:
/home/runner/work/libevent/libevent/http.c: In function ‘evhttp_make_header’:
/home/runner/work/libevent/libevent/http.c:503:14: error: ‘flags’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
ev_uint16_t flags;
^~~~~
/home/runner/work/libevent/libevent/http.c: In function ‘evhttp_get_body’:
/home/runner/work/libevent/libevent/http.c:2354:14: error: ‘flags’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
ev_uint16_t flags;
^~~~~
[1]: https://github.com/libevent/libevent/runs/7263518338?check_suite_focus=true#logs
Otherwise build fails [1]:
/home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/minheap-internal.h:64:6: error: ‘min_heap_ctor_’ defined but not used [-Werror=unused-function]
void min_heap_ctor_(min_heap_t* s) { s->p = 0; s->n = 0; s->a = 0; }
^~~~~~~~~~~~~~
In file included from /home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/buffer.c:91:0:
/home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/bufferevent-internal.h:414:1: error: ‘bufferevent_trigger_nolock_’ defined but not used [-Werror=unused-function]
bufferevent_trigger_nolock_(struct bufferevent *bufev, short iotype, int options)
^~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/buffer.c:89:0:
/home/runner/work/libevent/libevent/dist/libevent-2.2.0-alpha-dev/evthread-internal.h:140:1: error: ‘EVLOCK_TRY_LOCK_’ defined but not used [-Werror=unused-function]
EVLOCK_TRY_LOCK_(void *lock)
[1]: https://github.com/libevent/libevent/runs/7263518180?check_suite_focus=true
These are updates to help with OpenSSL 3 compilation. I found
https://github.com/libevent/libevent/pull/1288 after I started this, but
these seem independent, and fix a different set of problems:
- First off, OpenSSL 3 does not by default allow signing with SHA1
digests - moving this to SHA256 universally at this point seems a
better idea than continuing to use the insecure SHA1 for older OpenSSL
versions. This fixes X509_sign failing in regress_openssl for a number
of tests, eg:
```
regress: http/https_openssl_basic:
FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_filter_basic:
FAIL ../test/regress_openssl.c:106: assert(0 != X509_sign(x509, key, EVP_sha1()))[Lost connection!] http/https_openssl_simple:
...
```
- Secondly, when using TLS 1.3, there's no support for renegotiation, so
for the renegotiation tests, we need to disable TLS v1.3, and expect
to negotiate TLS 1.1 or 1.2
Fixes: #661
* upstream/pr/1291:
OpenSSL 3 fixes: Disable TLS 1.3 when testing renegotiation support
OpenSSL 3 fixes: use SHA256 instead of SHA1
Otherwise GCC will warn. i.e:
```bash
CCLD libevent_openssl.la
cc1: note: unrecognized command-line option ‘-Wno-void-pointer-to-enum-cast’
may have been intended to silence earlier diagnostics
CCLD libevent_mbedtls.la
```
TLS 1.3 does not support renegotation - it has been removed from the
protocol. Disable TLS 1.3 when testing this, so we negotiate an older
protocol version
I found the correct path by looking at the _Disable Key Refresh_ step in
_mingw::autotools::set up msys2_ task
(https://github.com/rectified95/libevent/runs/5858227589?check_suite_focus=true)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "((Get-Content -path **D:\a\_temp\msys64**\etc\post-install\07-pacman-key.post -Raw) ...
The Windows CI is failing at the prepare vcpkg step while installing zlib
Changing the vcpkg commit hash to point to latest release
https://github.com/microsoft/vcpkg/releases/tag/2022.03.10 as opposed to
sometime in 2019 to see if that fixes it.
In ce8be2385b5fee16859a630fca0c98ad290c8e21 ("cmake: set rpath for
libraries on linux") RPATH was first instroduced.
Later in 6d09efe8686de824adf3d8810bbe0d5c386643e4 ("Set RPATH only if
installation is done into non system directory") it was set only if it
was installed to non system directory.
But absolute RPATH not a good default, let's change this.
Fixes: #920
Currently the code uses long, but long does not always have the same
representation as a pointer, such as on 64-bit Windows where long is
only 32-bit due to its unususal LLP64 ABI, but also on CHERI, and thus
Arm's prototype Morello architecture, where C language pointers are
represented as hardware capabilities, which have bounds, permissions and
other metadata to enforce spatial memory safety. Both of these cases
warn when casting a long to a pointer (Windows due to long being shorter
and thus it being likely you've truncated the address, and CHERI due to
long not having any capability metadata like pointers and thus it being
likely you've stripped the metadata, with the resulting "null-derived"
capability destined to trap if dereferenced), and in both cases casting
to intptr_t as the intermediate type instead will get rid of those
warnings.
