Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"could not set signature algorithms" when running Servo on Android #25619

Closed
zhuowei opened this issue Jan 26, 2020 · 2 comments
Closed

"could not set signature algorithms" when running Servo on Android #25619

zhuowei opened this issue Jan 26, 2020 · 2 comments
Labels
A-build A-network I-bustage P-android

Comments

@zhuowei
Copy link
Contributor

@zhuowei zhuowei commented Jan 26, 2020

When I launch Servo on Android, nothing happens: the page stays blank, and trying to navigate to any site does nothing.

In the logcat, there are these two error messages:

01-26 17:20:56.332  5655  5704 W simpleservo: constellation::constellation: Visibility change for closed browsing context PipelineId { namespace_id: PipelineNamespaceId(1), index: PipelineIndex(1) }.
01-26 17:20:56.416  5655  5683 D simpleservo: thread 'ResourceManager' panicked at 'could not set signature algorithms: ErrorStack([])', components/net/connector.rs:97:5
01-26 17:20:56.416  5655  5683 D simpleservo: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

01-26 17:22:30.358  5655  5680 I simpleservo: simpleservo: load_uri: https://example.org/
01-26 17:22:30.359  5655  5704 W simpleservo: constellation::constellation: LoadUrl for unknow browsing context: TopLevelBrowsingContextId(BrowsingContextId { namespace_id: PipelineNamespaceId(0), index: BrowsingContextIndex(1) })

Android 10, Pixel 3 XL, Servo nightly build downloaded January 26th.

The call to set_sigalgs_list was added in #24976. Does the version of OpenSSL 1.0.2k used o n Android actually support all the signature algorithms specified there? The source doesn't mention ed448 at all:

:~/servo-work/servo/target/android/aarch64-linux-android/native/openssl/openssl-1.0.2k$ grep -r ed448
:~/servo-work/servo/target/android/aarch64-linux-android/native/openssl/openssl-1.0.2k$
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Jan 26, 2020

I guess your analysis is correct. set_sigalgs_list() can be used with OpenSSL 1.0.2 and later. I expected that unknown signature algorithms would be ignored. The best fix is upgrading OpenSSL to 1.1.1 for Android as well. That would also bring TLS 1.3 support to this target.
@Darkspirit
Copy link
Contributor

@Darkspirit Darkspirit commented Jan 27, 2020

We need https://www.openssl.org/source/openssl-1.1.1d.tar.gz at this location:

servo/support/android/openssl.makefile

Line 13 in 7596a0f

URL=https://servo-deps.s3.amazonaws.com/android-deps/openssl-${OPENSSL_VERSION}.tar.gz; \

These should be changed to 1.1.1d:

servo/python/servo/build_commands.py

Line 334 in ce6204b

env["OPENSSL_VERSION"] = "1.0.2k"

servo/python/servo/build_commands.py

Line 583 in ce6204b

env.setdefault("OPENSSL_VERSION", "1.0.2k")

openssl.sh might need a small change: https://wiki.openssl.org/index.php/Android

NOTE: The instructions on this page are for older versions of OpenSSL (they should work for OpenSSL 1.0.2). For OpenSSL 1.1.1 see the INSTALL and NOTES.ANDROID files in the source distribution.
@Darkspirit Darkspirit mentioned this issue Feb 7, 2020
Closed
@Darkspirit Darkspirit mentioned this issue Feb 12, 2020
Merged
3 of 3 tasks complete
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=<try>
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
bd15738 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
4cde1c6 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
aa0620a 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 12, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
4b51ba0 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 13, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
04a83c4 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 13, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
1cbbc96 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 13, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
585ea2d 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 14, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
fc963d3 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 14, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
0a9c916 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
bors-servo added a commit that referenced this issue Feb 14, 2020
@bors-servo
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
1191a47 
Add OpenSSL 1.1.1 build check, Update HSTS Preload list

* This variant also works with cross-compilation. PR should fail in CI on Android at first:
  The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
  > As a result RSA, DSA and DH keys shorter than [2048 bits](https://github.com/cabforum/documents/blob/16a5a9bb78a193266f8d1465de1ee5a1acf5d184/docs/BR.md#6153-subscriber-certificates) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
  = note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
          libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
          sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
          targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```

- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-build A-network I-bustage P-android
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

Add OpenSSL 1.1.1 build check, Update HSTS Preload list
3 participants
@jdm @zhuowei @Darkspirit
You can’t perform that action at this time.