Backport test fixes to 3.0 #751

Merged
merged 6 commits into from
Apr 30, 2024
118 changes: 71 additions & 47 deletions .github/workflows/test.yml
@@ -3,19 +3,36 @@ name: CI
on: [push, pull_request]

jobs:
ruby-versions:
uses: ruby/actions/.github/workflows/ruby_versions.yml@master
with:
engine: cruby-truffleruby
min_version: 2.6
test:
needs: ruby-versions
name: >-
${{ matrix.os }} ${{ matrix.ruby }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# ubuntu-latest is 22.04, uses OpenSSL 3
os: [ ubuntu-20.04, macos-latest ]
ruby: [ head, "3.0", "2.7", "2.6" ]
# ubuntu-22.04 uses OpenSSL 3.0, ubuntu-20.04 uses OpenSSL 1.1.1
os: [ ubuntu-22.04, ubuntu-20.04, macos-latest, windows-latest ]
ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }}
exclude:
# uses non-standard MSYS2 OpenSSL 3 package
- { os: windows-latest, ruby: head }
- { os: windows-latest, ruby: truffleruby }
- { os: windows-latest, ruby: truffleruby-head }
- { os: macos-latest, ruby: truffleruby }
- { os: ubuntu-20.04, ruby: truffleruby }
include:
- { os: windows-latest, ruby: ucrt }
- { os: windows-latest, ruby: mswin }

steps:
- name: repo checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: load ruby
uses: ruby/setup-ruby@v1
@@ -25,75 +42,73 @@ jobs:
- name: depends
run: bundle install

- name: compile
run: rake compile -- --enable-debug
# Enable the verbose option in mkmf.rb to print the compiling commands.
- name: enable mkmf verbose
run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV
if: runner.os == 'Linux' || runner.os == 'macOS'

- name: test
run: rake test TESTOPTS="-v --no-show-detail-immediately" OSSL_MDEBUG=1
- name: set flags to check compiler warnings.
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV
if: ${{ !matrix.skip-warnings }}

test-windows:
name: >-
${{ matrix.os }} ${{ matrix.ruby }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ windows-latest ]
# current mswin build uses OpenSSL 3
ruby: [ mingw, "3.0", "2.7", "2.6" ]
steps:
- name: repo checkout
uses: actions/checkout@v3

- name: load ruby, install/update gcc, install openssl
uses: MSP-Greg/setup-ruby-pkgs@v1
with:
ruby-version: ${{ matrix.ruby }}
mingw: _upgrade_ openssl

- name: depends
run: bundle install

# pkg-config is disabled because it can pick up the different OpenSSL installation
# SSL_DIR is set as needed by MSP-Greg/setup-ruby-pkgs
# only used with mswin
- name: compile
run: rake compile -- --enable-debug --without-pkg-config $env:SSL_DIR
run: rake compile

- name: test
run: rake test TESTOPTS="-v --no-show-detail-immediately" OSSL_MDEBUG=1
run: rake test TESTOPTS="-v --no-show-detail-immediately"
timeout-minutes: 5

test-openssls:
name: >-
${{ matrix.openssl }}
${{ matrix.openssl }} ${{ matrix.name-extra || '' }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest ]
ruby: [ "3.0" ]
openssl:
# https://www.openssl.org/source/
- openssl-1.0.2u # EOL
- openssl-1.1.0l # EOL
- openssl-1.1.1l
- openssl-3.0.1
- openssl-1.1.1w # EOL
- openssl-3.0.13
- openssl-3.1.5
- openssl-3.2.1
- openssl-3.3.0
# http://www.libressl.org/releases.html
- libressl-3.1.5 # EOL
- libressl-3.2.6
- libressl-3.3.4
- libressl-3.2.7 # EOL
- libressl-3.3.6 # EOL
- libressl-3.4.3 # EOL
- libressl-3.5.3 # EOL
- libressl-3.6.3 # EOL
- libressl-3.7.3 # EOL
- libressl-3.8.4
- libressl-3.9.1
steps:
- name: repo checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: prepare openssl
run: |
# Enable Bash debugging option temporarily for debugging use.
set -x
mkdir -p tmp/build-openssl && cd tmp/build-openssl
case ${{ matrix.openssl }} in
openssl-*)
curl -OL https://ftp.openssl.org/source/${{ matrix.openssl }}.tar.gz
tar xf ${{ matrix.openssl }}.tar.gz && cd ${{ matrix.openssl }}
if [ -z "${{ matrix.git }}" ]; then
curl -OL https://ftp.openssl.org/source/${{ matrix.openssl }}.tar.gz
tar xf ${{ matrix.openssl }}.tar.gz && cd ${{ matrix.openssl }}
else
git clone -b ${{ matrix.branch }} --depth 1 ${{ matrix.git }} ${{ matrix.openssl }}
cd ${{ matrix.openssl }}
# Log the commit hash.
echo "Git commit: $(git rev-parse HEAD)"
fi
# shared is required for 1.0.x.
./Configure --prefix=$HOME/.openssl/${{ matrix.openssl }} --libdir=lib \
shared linux-x86_64
shared linux-x86_64 ${{ matrix.append-configure }}
make depend
;;
libressl-*)
@@ -116,8 +131,17 @@ jobs:
- name: depends
run: bundle install

- name: enable mkmf verbose
run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV
if: runner.os == 'Linux' || runner.os == 'macOS'

- name: set flags to check compiler warnings.
run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV
if: ${{ !matrix.skip-warnings }}

- name: compile
run: rake compile -- --enable-debug --with-openssl-dir=$HOME/.openssl/${{ matrix.openssl }}
run: rake compile -- --with-openssl-dir=$HOME/.openssl/${{ matrix.openssl }}

- name: test
run: rake test TESTOPTS="-v --no-show-detail-immediately" OSSL_MDEBUG=1
run: rake test TESTOPTS="-v --no-show-detail-immediately"
timeout-minutes: 5
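Review bot: In the `prepare openssl` step the release tarball is fetched with `curl -OL` and then unpacked, configured and built with no integrity check, and the new `matrix.git` path clones whatever the branch tip is at run time. For the tarball path, carry an expected digest per matrix entry and verify it before extracting, e.g. `curl -fOL https://ftp.openssl.org/source/${{ matrix.openssl }}.tar.gz` followed by `echo "${{ matrix.sha256 }}  ${{ matrix.openssl }}.tar.gz" | sha256sum -c -`, where `sha256` is a new matrix key to be filled in from the upstream release pages. The clone path already logs `git rev-parse HEAD`, which helps trace a result back to a commit but does not pin it. The same concern applies to the new `ruby-versions` job, which calls `ruby/actions/.github/workflows/ruby_versions.yml@master`: that is a mutable ref whose output feeds the test matrix, so pinning it to a commit SHA would keep runs reproducible. The `run:` script continues past the end of the visible hunk.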
4 changes: 2 additions & 2 deletions ext/openssl/ossl_pkey.c
@@ -951,7 +951,7 @@ ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
rb_jump_tag(state);
}
}
#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
#if OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)
if (EVP_DigestSign(ctx, NULL, &siglen, (unsigned char *)RSTRING_PTR(data),
RSTRING_LEN(data)) < 1) {
EVP_MD_CTX_free(ctx);
@@ -1056,7 +1056,7 @@ ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
rb_jump_tag(state);
}
}
#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
#if OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)
ret = EVP_DigestVerify(ctx, (unsigned char *)RSTRING_PTR(sig),
RSTRING_LEN(sig), (unsigned char *)RSTRING_PTR(data),
RSTRING_LEN(data));
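Review bot: The version gate `OSSL_OPENSSL_PREREQ(1, 1, 1) || OSSL_LIBRESSL_PREREQ(3, 4, 0)` now appears twice, in ossl_pkey_sign and in ossl_pkey_verify, with no comment saying what it selects, so the two copies can drift apart unnoticed. A one-line comment above each `#if`, such as `/* one-shot EVP_DigestSign()/EVP_DigestVerify() needs OpenSSL >= 1.1.1 or LibreSSL >= 3.4.0 */`, would record the intent. Both functions continue outside the hunks, so the handling of `ret` from EVP_DigestVerify is not visible here. Because this change moves LibreSSL 3.4 and later onto that call, it is worth confirming that a negative return is raised as an error and is never folded into the same outcome as a successful or merely failed verification.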
5 changes: 0 additions & 5 deletions test/openssl/test_asn1.rb
@@ -404,9 +404,6 @@ def test_set
def test_utctime
encode_decode_test B(%w{ 17 0D }) + "160908234339Z".b,
OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 39))
# Seconds is omitted
decode_test B(%w{ 17 0B }) + "1609082343Z".b,
OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
begin
# possible range of UTCTime is 1969-2068 currently
encode_decode_test B(%w{ 17 0D }) + "690908234339Z".b,
@@ -432,8 +429,6 @@ def test_generalizedtime
OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 29))
encode_decode_test B(%w{ 18 0F }) + "99990908234339Z".b,
OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
decode_test B(%w{ 18 0D }) + "201612081934Z".b,
OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
# not implemented
# decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
# OpenSSL::ASN1::GeneralizedTime.new(Time.new(2016, 12, 8, 19, 34, 39, "+09:30"))
3 changes: 3 additions & 0 deletions test/openssl/test_ssl.rb
@@ -995,6 +995,9 @@ def test_verify_hostname_failure_error_code
end

def test_connect_certificate_verify_failed_exception_message
# Won't fix on the 3.0 branch
return if openssl?(3, 1, 0)

start_server(ignore_listener_error: true) { |port|
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params
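Review bot: The early `return if openssl?(3, 1, 0)` in test_connect_certificate_verify_failed_exception_message makes the test report as passed on OpenSSL 3.1 and later, so the lost coverage of the certificate-verify failure message is invisible in CI output. Marking the test as omitted keeps the gap visible, e.g. `omit "Won't fix on the 3.0 branch" if openssl?(3, 1, 0)`, assuming the test-unit `omit` helper is available in this suite. The comment would also be more useful if it said what differs on 3.1 and later, for example which message or error code the assertion no longer matches. The method body continues outside the hunk.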
7 changes: 1 addition & 6 deletions test/openssl/test_x509req.rb
@@ -39,11 +39,6 @@ def test_version
assert_equal(0, req.version)
req = OpenSSL::X509::Request.new(req.to_der)
assert_equal(0, req.version)

req = issue_csr(1, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
assert_equal(1, req.version)
req = OpenSSL::X509::Request.new(req.to_der)
assert_equal(1, req.version)
end

def test_subject
@@ -106,7 +101,7 @@ def test_sign_and_verify_rsa_sha1
assert_equal(false, req.verify(@rsa2048))
assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
req.version = 1
req.subject = OpenSSL::X509::Name.parse("/C=JP/CN=FooBarFooBar")
assert_equal(false, req.verify(@rsa1024))
end

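Review bot: The subject assignment that replaces `req.version = 1` in test_sign_and_verify_rsa_sha1 has no comment, so its purpose (alter a signed field so that the existing signature stops verifying) has to be guessed. A one-line comment above it, such as `# Modify a signed field; the signature made above must no longer verify`, would make that explicit. With the version-1 assertions dropped from test_version, nothing visible here checks how a non-zero CSR version is handled. If the motivation is that newer libraries reject such a value, an assertion for that rejection would keep the behaviour covered. test_sign_and_verify_rsa_sha1 starts outside the hunk.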