From 43c951f743e68fac5f45119eda7c994882a1d489 Mon Sep 17 00:00:00 2001 From: Alex Crichton Date: Fri, 30 Sep 2016 00:43:05 -0700 Subject: Add support for OpenSSL 1.1.0 This commit is relatively major refactoring of the `openssl-sys` crate as well as the `openssl` crate itself. The end goal here was to support OpenSSL 1.1.0, and lots of other various tweaks happened along the way. The major new features are: * OpenSSL 1.1.0 is supported * OpenSSL 0.9.8 is no longer supported (aka all OSX users by default) * All FFI bindings are verified with the `ctest` crate (same way as the `libc` crate) * CI matrixes are vastly expanded to include 32/64 of all platforms, more OpenSSL version coverage, as well as ARM coverage on Linux * The `c_helpers` module is completely removed along with the `gcc` dependency. * The `openssl-sys` build script was completely rewritten * Now uses `OPENSSL_DIR` to find the installation, not include/lib env vars. * Better error messages for mismatched versions. * Better error messages for failing to find OpenSSL on a platform (more can be done here) * Probing of OpenSSL build-time configuration to inform the API of the `*-sys` crate. * Many Cargo features have been removed as they're now enabled by default. As this is a breaking change to both the `openssl` and `openssl-sys` crates this will necessitate a major version bump of both. There's still a few more API questions remaining but let's hash that out on a PR! Closes #452 --- openssl/test/build.sh | 35 +++++++++++++++++++++++++---------- openssl/test/run.sh | 33 ++++++++------------------------- 2 files changed, 33 insertions(+), 35 deletions(-) (limited to 'openssl/test') diff --git a/openssl/test/build.sh b/openssl/test/build.sh index 2c38f3a3..106a38d3 100755 --- a/openssl/test/build.sh +++ b/openssl/test/build.sh @@ -1,33 +1,48 @@ #!/bin/bash -set -e + +set -ex MAX_REDIRECTS=5 -OPENSSL=openssl-1.0.2h.tar.gz +OPENSSL=openssl-$BUILD_OPENSSL_VERSION.tar.gz OUT=/tmp/$OPENSSL -SHA1="577585f5f5d299c44dd3c993d3c0ac7a219e4949" + +me=$0 +myname=`basename $me` + +cmp --silent $me $HOME/openssl/$myname && exit 0 || echo "cache is busted" + +rm -rf $HOME/openssl if [ "$TRAVIS_OS_NAME" == "osx" ]; then exit 0 fi -if [ "$TARGET" == "arm-unknown-linux-gnueabihf" ]; then - export C_INCLUDE_PATH=/usr/arm-linux-gnueabihf/include - CROSS=arm-linux-gnueabihf- +if [ "$BUILD_OPENSSL_VERSION" == "" ]; then + exit 0 +fi + +if [ "$TARGET" == "i686-unknown-linux-gnu" ]; then + OS_COMPILER=linux-elf + OS_FLAGS=-m32 +elif [ "$TARGET" == "arm-unknown-linux-gnueabihf" ]; then OS_COMPILER=linux-armv4 + export AR=arm-linux-gnueabihf-ar + export CC=arm-linux-gnueabihf-gcc else OS_COMPILER=linux-x86_64 fi mkdir -p /tmp/openssl +cp $me /tmp/openssl/$myname cd /tmp/openssl curl -o $OUT -L --max-redirs $MAX_REDIRECTS https://openssl.org/source/$OPENSSL \ || curl -o $OUT -L --max-redirs ${MAX_REDIRECTS} http://mirrors.ibiblio.org/openssl/source/$OPENSSL -echo "$SHA1 $OUT" | sha1sum -c - - tar --strip-components=1 -xzf $OUT -./Configure --prefix=$HOME/openssl shared --cross-compile-prefix=$CROSS $OS_COMPILER -make +./Configure --prefix=$HOME/openssl $OS_COMPILER -fPIC $OS_FLAGS + +make -j$(nproc) make install +cp $myname $HOME/openssl/$myname diff --git a/openssl/test/run.sh b/openssl/test/run.sh index 2c2473b1..eed7ebac 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -1,32 +1,15 @@ #!/bin/bash set -e -MAIN_TARGETS=https://static.rust-lang.org/dist - -if [ "$TEST_FEATURES" == "true" ]; then - FEATURES="tlsv1_2 tlsv1_1 dtlsv1 dtlsv1_2 sslv3 aes_xts aes_ctr npn alpn rfc5114 ecdh_auto pkcs5_pbkdf2_hmac x509_clone ssl_context_clone x509_generator_request hmac hmac_clone dh_from_params x509_expiry" -fi - -if [ "$TRAVIS_OS_NAME" != "osx" ]; then - export OPENSSL_LIB_DIR=$HOME/openssl/lib - export OPENSSL_INCLUDE_DIR=$HOME/openssl/include - export LD_LIBRARY_PATH=$HOME/openssl/lib:$LD_LIBRARY_PATH +if [ "$BUILD_OPENSSL_VERSION" != "" ]; then + FEATURES="aes_xts aes_ctr npn alpn rfc5114 ecdh_auto" fi -if [ -n "$TARGET" ]; then - FLAGS="--target=$TARGET" - COMMAND="build" - - # Download the rustlib folder from the relevant portion of main distribution's - # tarballs. - dir=rust-std-$TARGET - pkg=rust-std - curl -s $MAIN_TARGETS/$pkg-$TRAVIS_RUST_VERSION-$TARGET.tar.gz | \ - tar xzf - -C $HOME/rust/lib/rustlib --strip-components=4 \ - $pkg-$TRAVIS_RUST_VERSION-$TARGET/$dir/lib/rustlib/$TARGET -else - COMMAND="test" +if [ -d "$HOME/openssl/lib" ]; then + export OPENSSL_DIR=$HOME/openssl + export PATH=$HOME/openssl/bin:$PATH fi -export PATH=$HOME/openssl/bin:$PATH -(cd openssl && RUST_BACKTRACE=1 cargo $COMMAND $FLAGS --features "$FEATURES") +cargo run --manifest-path systest/Cargo.toml --target $TARGET +exec cargo test --manifest-path openssl/Cargo.toml --target $TARGET \ + --features "$FEATURES" -- cgit v1.2.3 From b610e01793f31836bb5e56b655a3bbae498649d6 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 13 Oct 2016 19:06:53 -0700 Subject: Flag off dtls and mask ssl_ops Also un-feature gate npn as it ships with 1.0.1 --- openssl/test/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'openssl/test') diff --git a/openssl/test/run.sh b/openssl/test/run.sh index eed7ebac..cecf3c52 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -2,7 +2,7 @@ set -e if [ "$BUILD_OPENSSL_VERSION" != "" ]; then - FEATURES="aes_xts aes_ctr npn alpn rfc5114 ecdh_auto" + FEATURES="aes_xts aes_ctr alpn rfc5114 ecdh_auto openssl-102" fi if [ -d "$HOME/openssl/lib" ]; then -- cgit v1.2.3 From 1883590c61e912a627e3c02542d9a2d0b4019d24 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Thu, 13 Oct 2016 19:21:12 -0700 Subject: Correct feature selection in tests --- openssl/test/run.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'openssl/test') diff --git a/openssl/test/run.sh b/openssl/test/run.sh index cecf3c52..cc4756bf 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -1,9 +1,16 @@ #!/bin/bash set -e -if [ "$BUILD_OPENSSL_VERSION" != "" ]; then - FEATURES="aes_xts aes_ctr alpn rfc5114 ecdh_auto openssl-102" -fi +case "$BUILD_OPENSSL_VERSION" in + 1.0.2*) + FEATURES="openssl-102" + ;; + 1.1.0*) + FEATURES="openssl-110" + ;; +esac + +echo Using features: $FEATURES if [ -d "$HOME/openssl/lib" ]; then export OPENSSL_DIR=$HOME/openssl -- cgit v1.2.3 From 984b9a0cc7257befe031c922fffe19ef65f2f2e7 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Fri, 14 Oct 2016 22:28:24 -0700 Subject: Don't run test on ARM They're very segfaulty, but it's almost certainly due to the QEMU layer. We really just want to make sure things compile. --- openssl/test/run.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'openssl/test') diff --git a/openssl/test/run.sh b/openssl/test/run.sh index cc4756bf..cd422db7 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -17,6 +17,10 @@ if [ -d "$HOME/openssl/lib" ]; then export PATH=$HOME/openssl/bin:$PATH fi +if [ "$TARGET" == "arm-unknown-linux-gnueabihf" ]; then + FLAGS="--no-run" +fi + cargo run --manifest-path systest/Cargo.toml --target $TARGET exec cargo test --manifest-path openssl/Cargo.toml --target $TARGET \ - --features "$FEATURES" + --features "$FEATURES" $FLAGS -- cgit v1.2.3 From 194298a057bad2b79e45ef346a0e6f37f8bc0716 Mon Sep 17 00:00:00 2001 From: Steven Fackler Date: Mon, 17 Oct 2016 21:21:09 -0700 Subject: Implement new feature setup The basic idea here is that there is a feature for each supported OpenSSL version. Enabling multiple features represents support for multiple OpenSSL versions, but it's then up to you to check which version you link against (probably by depending on openssl-sys and making a build script similar to what openssl does). --- openssl/test/run.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'openssl/test') diff --git a/openssl/test/run.sh b/openssl/test/run.sh index cd422db7..4d3397a6 100755 --- a/openssl/test/run.sh +++ b/openssl/test/run.sh @@ -3,10 +3,10 @@ set -e case "$BUILD_OPENSSL_VERSION" in 1.0.2*) - FEATURES="openssl-102" + FEATURES="v102" ;; 1.1.0*) - FEATURES="openssl-110" + FEATURES="v110" ;; esac -- cgit v1.2.3