From 0d1894ecbba29d6c42fd143114c1abe9cfe7609c Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Wed, 8 Jun 2022 19:46:22 +0900 Subject: [PATCH 1/2] Disable neverbleed for macos Disable neverbleed for macos because it does not work with libressl installed on github actions. --- .github/workflows/build.yml | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 89c43aa8..1425b1e9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -150,8 +150,18 @@ jobs: run: | autoreconf -i ./configure - - name: Configure cmake - if: matrix.buildtool == 'cmake' + - name: Configure cmake (Linux) + if: matrix.buildtool == 'cmake' && runner.os == 'Linux' + run: | + make dist + VERSION=$(grep PACKAGE_VERSION config.h | cut -d' ' -f3 | tr -d '"') + tar xf nghttp2-$VERSION.tar.gz + cd nghttp2-$VERSION + echo 'NGHTTP2_CMAKE_DIR='"$PWD" >> $GITHUB_ENV + + cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" . + - name: Configure cmake (MacOS) + if: matrix.buildtool == 'cmake' && runner.os == 'macOS' run: | make dist VERSION=$(grep PACKAGE_VERSION config.h | cut -d' ' -f3 | tr -d '"') @@ -162,12 +172,17 @@ jobs: # This fixes infamous 'stdio.h not found' error. echo 'SDKROOT='"$(xcrun --sdk macosx --show-sdk-path)" >> $GITHUB_ENV - cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DWITH_NEVERBLEED=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" . - - name: Build nghttp2 with autotools - if: matrix.buildtool == 'autotools' + cmake -DENABLE_WERROR=1 -DWITH_MRUBY=1 -DENABLE_APP=1 $EXTRA_CMAKE_OPTS -DCPPFLAGS="$CPPFLAGS" -DLDFLAGS="$LDFLAGS" . + - name: Build nghttp2 with autotools (Linux) + if: matrix.buildtool == 'autotools' && runner.os == 'Linux' run: | - make -j"$(nproc 2> /dev/null || sysctl -n hw.ncpu)" distcheck \ + make -j"$(nproc)" distcheck \ DISTCHECK_CONFIGURE_FLAGS="--with-mruby --with-neverbleed --with-libev --enable-werror $EXTRA_AUTOTOOLS_OPTS CPPFLAGS=\"$CPPFLAGS\" LDFLAGS=\"$LDFLAGS\"" + - name: Build nghttp2 with autotools (MacOS) + if: matrix.buildtool == 'autotools' && runner.os == 'macOS' + run: | + make -j"$(sysctl -n hw.ncpu)" distcheck \ + DISTCHECK_CONFIGURE_FLAGS="--with-mruby --with-libev --enable-werror $EXTRA_AUTOTOOLS_OPTS CPPFLAGS=\"$CPPFLAGS\" LDFLAGS=\"$LDFLAGS\"" - name: Build nghttp2 with cmake if: matrix.buildtool == 'cmake' run: | From f38d9f8cf6e4edf5b2005206a5c9e96cfb81b432 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Wed, 8 Jun 2022 19:58:12 +0900 Subject: [PATCH 2/2] Compile with libressl >= 3.5 --- src/shrpx_connection.cc | 20 ++++++++++---------- src/ssl_compat.h | 2 ++ 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc index e8f5192e..a0fcab76 100644 --- a/src/shrpx_connection.cc +++ b/src/shrpx_connection.cc @@ -44,13 +44,13 @@ using namespace nghttp2; namespace shrpx { -#if !LIBRESSL_2_7_API && !OPENSSL_1_1_API +#if !LIBRESSL_3_5_API && !LIBRESSL_2_7_API && !OPENSSL_1_1_API void *BIO_get_data(BIO *bio) { return bio->ptr; } void BIO_set_data(BIO *bio, void *ptr) { bio->ptr = ptr; } void BIO_set_init(BIO *bio, int init) { bio->init = init; } -#endif // !LIBRESSL_2_7_API && !OPENSSL_1_1_API +#endif // !LIBRESSL_3_5_API && !LIBRESSL_2_7_API && !OPENSSL_1_1_API Connection::Connection(struct ev_loop *loop, int fd, SSL *ssl, MemchunkPool *mcpool, ev_tstamp write_timeout, @@ -259,14 +259,14 @@ long shrpx_bio_ctrl(BIO *b, int cmd, long num, void *ptr) { namespace { int shrpx_bio_create(BIO *b) { -#if OPENSSL_1_1_API +#if OPENSSL_1_1_API || LIBRESSL_3_5_API BIO_set_init(b, 1); -#else // !OPENSSL_1_1_API +#else // !OPENSSL_1_1_API && !LIBRESSL_3_5_API b->init = 1; b->num = 0; b->ptr = nullptr; b->flags = 0; -#endif // !OPENSSL_1_1_API +#endif // !OPENSSL_1_1_API && !LIBRESSL_3_5_API return 1; } } // namespace @@ -277,17 +277,17 @@ int shrpx_bio_destroy(BIO *b) { return 0; } -#if !OPENSSL_1_1_API +#if !OPENSSL_1_1_API && !LIBRESSL_3_5_API b->ptr = nullptr; b->init = 0; b->flags = 0; -#endif // !OPENSSL_1_1_API +#endif // !OPENSSL_1_1_API && !LIBRESSL_3_5_API return 1; } } // namespace -#if OPENSSL_1_1_API +#if OPENSSL_1_1_API || LIBRESSL_3_5_API BIO_METHOD *create_bio_method() { auto meth = BIO_meth_new(BIO_TYPE_FD, "nghttpx-bio"); @@ -302,7 +302,7 @@ BIO_METHOD *create_bio_method() { return meth; } -#else // !OPENSSL_1_1_API +#else // !OPENSSL_1_1_API && !LIBRESSL_3_5_API BIO_METHOD *create_bio_method() { static auto meth = new BIO_METHOD{ @@ -314,7 +314,7 @@ BIO_METHOD *create_bio_method() { return meth; } -#endif // !OPENSSL_1_1_API +#endif // !OPENSSL_1_1_API && !LIBRESSL_3_5_API void Connection::set_ssl(SSL *ssl) { tls.ssl = ssl; diff --git a/src/ssl_compat.h b/src/ssl_compat.h index 87f326a4..79f9edbf 100644 --- a/src/ssl_compat.h +++ b/src/ssl_compat.h @@ -33,6 +33,7 @@ # define LIBRESSL_IN_USE 1 # define LIBRESSL_LEGACY_API (LIBRESSL_VERSION_NUMBER < 0x20700000L) # define LIBRESSL_2_7_API (LIBRESSL_VERSION_NUMBER >= 0x20700000L) +# define LIBRESSL_3_5_API (LIBRESSL_VERSION_NUMBER >= 0x30500000L) # else // !LIBRESSL_VERSION_NUMBER # define OPENSSL_1_1_API (OPENSSL_VERSION_NUMBER >= 0x1010000fL) # define OPENSSL_1_1_1_API (OPENSSL_VERSION_NUMBER >= 0x10101000L) @@ -40,6 +41,7 @@ # define LIBRESSL_IN_USE 0 # define LIBRESSL_LEGACY_API 0 # define LIBRESSL_2_7_API 0 +# define LIBRESSL_3_5_API 0 # endif // !LIBRESSL_VERSION_NUMBER #endif // OPENSSL_COMPAT_H