Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

extconf.rb - add logging for OpenSSL versions #3370

Merged
merged 2 commits into from Apr 15, 2024
Merged

extconf.rb - add logging for OpenSSL versions #3370

merged 2 commits into from Apr 15, 2024

Conversation

MSP-Greg
Copy link
Member

Description

This PR only changes logging when compiling with OpenSSL.

Currently, extconf.rb has comments about which functions exist in various OpenSSL versions. This PR changes the comments to ouput logging. Example below, all lines beginning with three dashes are new:

checking for pkg-config for openssl... [" ", "", "-lssl -lcrypto"]
──── Using OpenSSL pkgconfig (openssl.pc) ────
checking for openssl/bio.h... yes

──── Below are yes for 1.0.2 & later ────
checking for DTLS_method() in openssl/ssl.h... yes
checking for SSL_CTX_set_session_cache_mode(NULL, 0) in openssl/ssl.h... yes
checking for SSL_CTX_set_ecdh_auto(NULL, 0) in openssl/ssl.h... yes

──── Below are yes for 1.1.0 & later ────
checking for TLS_server_method() in openssl/ssl.h... yes
checking for SSL_CTX_set_min_proto_version(NULL, 0) in openssl/ssl.h... yes
checking for X509_STORE_up_ref()... yes

──── Below is yes for 1.1.0 and later, but isn't documented until 3.0.0 ────
checking for SSL_CTX_set_dh_auto(NULL, 0) in openssl/ssl.h... yes

──── Below is yes for 1.1.1 & later ────
checking for SSL_CTX_set_ciphersuites(NULL, "") in openssl/ssl.h... yes

──── Below is yes for 3.0.0 & later ────
checking for SSL_get1_peer_certificate() in openssl/ssl.h... yes

These comments appear in CI logs, and if one is installing the gem, the log fie is gem_make.out in the proper Ruby 'extensions' folder.

Your checklist for this pull request

  • I have reviewed the guidelines for contributing to this repository.
  • I have added (or updated) appropriate tests if this PR fixes a bug or adds a feature.
  • My pull request is 100 lines added/removed or less so that it can be easily reviewed.
  • If this PR doesn't need tests (docs change), I added [ci skip] to the title of the PR.
  • If this closes any issues, I have added "Closes #issue" to the PR description or my commit messages.
  • I have updated the documentation accordingly.
  • All new and existing tests passed, including Rubocop.

dentarg
dentarg reviewed Apr 15, 2024
View reviewed changes
ext/puma_http11/extconf.rb Outdated

# below are yes for 1.1.1 & later
have_func "SSL_CTX_set_ciphersuites(NULL, \"\")" , ssl_h

have_func "X509_STORE_up_ref"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should X509_STORE_up_ref be under 1.1.1? It moved here

https://www.openssl.org/docs/man1.1.0/man3/X509_STORE_up_ref.html is "Page Not Found" but https://www.openssl.org/docs/man1.1.1/man3/X509_STORE_up_ref.html exist

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenSSL docs, especially older ones...

See https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/crypto/x509/x509_lu.c#L220

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just updated the PR, added links for the two 'special items'...

@MSP-Greg
Copy link
Member Author

@dentarg

I reviewed this again, and two of the have_func calls were no longer being used in mini_ssl.c, so the last commit removed them...

@MSP-Greg MSP-Greg merged commit 23720fe into puma:master Apr 15, 2024
66 of 70 checks passed
@MSP-Greg MSP-Greg deleted the 00-log-ssl-compile-checks branch April 16, 2024 00:12
rus-max pushed a commit to rus-max/puma that referenced this pull request Apr 25, 2024
@MSP-Greg
extconf.rb - add logging for OpenSSL versions (puma#3370)
761790b 
* extconf.rb - add logging for OpenSSL versions

* ext.conf.rb - remove unused 'have_func' calls
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dentarg dentarg dentarg approved these changes

Assignees
No one assigned
Labels
c-ext refactor ssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MSP-Greg @dentarg