-
Notifications
You must be signed in to change notification settings - Fork 704
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build(bindings): use cmake when building with pq feature #3294
Conversation
a03ddf8
to
a2fb625
Compare
# Pin to this version until s2n-tls supports OpenSSL 3.0 | ||
# Build the vendored version to make it easy to test in dev |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need to pin to a version if the actual openssl version is automatically discovered?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when you use the vendored
feature flag it pulls the source and builds it locally for you. after 0.9.68
the pull openssl 3.0 instead of 1.1.1.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but we only do this in dev to make it so you don't have to run our codebuild install scripts
Description of changes:
We currently don't have support for building the rust bindings when vendored with PQ support. The PQ crypto build logic is quite complicated so it hasn't been ported to the
build.rs
.Instead of porting the logic, this PR builds s2n-tls with cmake when the PQ feature is enabled. This is a lot less work but does require that cmake is installed on the build machine.
Testing:
I've added
cargo test --features pq
to ourgenerate.sh
script to catch any issues.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.