From bc48bec97b65534966da74a07ed3edb3f13f6263 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Sun, 25 Feb 2018 08:18:34 +0000 Subject: Revert "Add support for OpenSSL 1.1 and replace deprecated function calls" Until shown to be safe. See message from Johann Glaser to the mailing list. This reverts commit 85e7efc3fa0477f60318d2cd2144503a9ea8feb9. --- infrastructure/cmake/CMakeLists.txt | 21 +-------------------- infrastructure/cmake/windows/CMakeLists.txt | 18 ++++++------------ 2 files changed, 7 insertions(+), 32 deletions(-) (limited to 'infrastructure') diff --git a/infrastructure/cmake/CMakeLists.txt b/infrastructure/cmake/CMakeLists.txt index 65f59eb8..25015452 100644 --- a/infrastructure/cmake/CMakeLists.txt +++ b/infrastructure/cmake/CMakeLists.txt @@ -407,26 +407,7 @@ else() endif() # Link to OpenSSL -# Workaround for incorrect library suffixes searched by FindOpenSSL: -# https://gitlab.kitware.com/cmake/cmake/issues/17604 -if(WIN32 AND MSVC) - find_package(OpenSSL) - set(OPENSSL_SSL_LIBRARY ${SSL_EAY_RELEASE}) - set(OPENSSL_CRYPTO_LIBRARY ${LIB_EAY_RELEASE}) - set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY} crypt32) - find_package_handle_standard_args(OpenSSL - REQUIRED_VARS - OPENSSL_SSL_LIBRARY - OPENSSL_CRYPTO_LIBRARY - OPENSSL_INCLUDE_DIR - VERSION_VAR - OPENSSL_VERSION - FAIL_MESSAGE - "Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR" - ) -else() - find_package(OpenSSL REQUIRED) -endif() +find_package(OpenSSL REQUIRED) include_directories(${OPENSSL_INCLUDE_DIR}) target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES}) diff --git a/infrastructure/cmake/windows/CMakeLists.txt b/infrastructure/cmake/windows/CMakeLists.txt index 49a1ea4d..0fbe35e3 100644 --- a/infrastructure/cmake/windows/CMakeLists.txt +++ b/infrastructure/cmake/windows/CMakeLists.txt @@ -15,9 +15,9 @@ set(ZLIB_VERSION 1.2.11) set(ZLIB_HASH SHA256=c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1) # Version of OpenSSL to download, build, and compile Box Backup against: -set(OPENSSL_VERSION 1.1.0g) +set(OPENSSL_VERSION 1.0.2j) # Hash of openssl-${OPENSSL_VERSION}.tar.gz, to be verified after download: -set(OPENSSL_HASH SHA256=de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af) +set(OPENSSL_HASH SHA256=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431) # Version of PCRE to download, build, and compile Box Backup against: set(PCRE_VERSION 8.39) @@ -49,21 +49,15 @@ if(WIN32) URL "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" URL_HASH ${OPENSSL_HASH} DOWNLOAD_NO_PROGRESS 1 - CONFIGURE_COMMAND perl Configure debug-VC-WIN32 no-asm no-shared - --prefix=${install_dir} - --openssldir=etc - # Run tests before install, but don't make the main target depend on them, so that - # we don't have to run them whenever we build manually on Windows. - TEST_BEFORE_INSTALL 1 - TEST_EXCLUDE_FROM_MAIN 1 + CONFIGURE_COMMAND perl Configure debug-VC-WIN32 no-asm --prefix=${install_dir} + COMMAND cmd /c ms\\do_ms.bat # You would expect us to use nt.mak to compile a static library here, but mk1mf.pl uses the /MT[d] # CRT in that case, which is incompatible with our dynamic runtime, /MD[d]. It seems that the libs # built by ntdll.mak, which are compiled with /MD[d], are full libraries and not import libs, # so we can link statically against them and still get a dynamic runtime. BUILD_IN_SOURCE 1 - BUILD_COMMAND nmake /s - TEST_COMMAND nmake /s test - INSTALL_COMMAND nmake /s install + BUILD_COMMAND nmake /s /f ms\\nt.mak + INSTALL_COMMAND nmake /s /f ms\\nt.mak install ) elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") ExternalProject_Add(openssl -- cgit v1.2.3 From c2547266775954292d78ab90b1af925d57c3f9e3 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Tue, 27 Feb 2018 22:39:10 +0000 Subject: Reimplement OpenSSL 1.1 support This time I have made the minimum number of changes necessary to make OpenSSL 1.1 work, and also added more tests which would have caught the issues with the previous attempt. Thanks to Johann Glaser for testing out the new version and reporting the issue with decryption! --- infrastructure/cmake/CMakeLists.txt | 21 ++++++++++++++++++++- infrastructure/cmake/windows/CMakeLists.txt | 18 ++++++++++++------ 2 files changed, 32 insertions(+), 7 deletions(-) (limited to 'infrastructure') diff --git a/infrastructure/cmake/CMakeLists.txt b/infrastructure/cmake/CMakeLists.txt index 25015452..65f59eb8 100644 --- a/infrastructure/cmake/CMakeLists.txt +++ b/infrastructure/cmake/CMakeLists.txt @@ -407,7 +407,26 @@ else() endif() # Link to OpenSSL -find_package(OpenSSL REQUIRED) +# Workaround for incorrect library suffixes searched by FindOpenSSL: +# https://gitlab.kitware.com/cmake/cmake/issues/17604 +if(WIN32 AND MSVC) + find_package(OpenSSL) + set(OPENSSL_SSL_LIBRARY ${SSL_EAY_RELEASE}) + set(OPENSSL_CRYPTO_LIBRARY ${LIB_EAY_RELEASE}) + set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY} crypt32) + find_package_handle_standard_args(OpenSSL + REQUIRED_VARS + OPENSSL_SSL_LIBRARY + OPENSSL_CRYPTO_LIBRARY + OPENSSL_INCLUDE_DIR + VERSION_VAR + OPENSSL_VERSION + FAIL_MESSAGE + "Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR" + ) +else() + find_package(OpenSSL REQUIRED) +endif() include_directories(${OPENSSL_INCLUDE_DIR}) target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES}) diff --git a/infrastructure/cmake/windows/CMakeLists.txt b/infrastructure/cmake/windows/CMakeLists.txt index 0fbe35e3..49a1ea4d 100644 --- a/infrastructure/cmake/windows/CMakeLists.txt +++ b/infrastructure/cmake/windows/CMakeLists.txt @@ -15,9 +15,9 @@ set(ZLIB_VERSION 1.2.11) set(ZLIB_HASH SHA256=c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1) # Version of OpenSSL to download, build, and compile Box Backup against: -set(OPENSSL_VERSION 1.0.2j) +set(OPENSSL_VERSION 1.1.0g) # Hash of openssl-${OPENSSL_VERSION}.tar.gz, to be verified after download: -set(OPENSSL_HASH SHA256=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431) +set(OPENSSL_HASH SHA256=de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af) # Version of PCRE to download, build, and compile Box Backup against: set(PCRE_VERSION 8.39) @@ -49,15 +49,21 @@ if(WIN32) URL "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" URL_HASH ${OPENSSL_HASH} DOWNLOAD_NO_PROGRESS 1 - CONFIGURE_COMMAND perl Configure debug-VC-WIN32 no-asm --prefix=${install_dir} - COMMAND cmd /c ms\\do_ms.bat + CONFIGURE_COMMAND perl Configure debug-VC-WIN32 no-asm no-shared + --prefix=${install_dir} + --openssldir=etc + # Run tests before install, but don't make the main target depend on them, so that + # we don't have to run them whenever we build manually on Windows. + TEST_BEFORE_INSTALL 1 + TEST_EXCLUDE_FROM_MAIN 1 # You would expect us to use nt.mak to compile a static library here, but mk1mf.pl uses the /MT[d] # CRT in that case, which is incompatible with our dynamic runtime, /MD[d]. It seems that the libs # built by ntdll.mak, which are compiled with /MD[d], are full libraries and not import libs, # so we can link statically against them and still get a dynamic runtime. BUILD_IN_SOURCE 1 - BUILD_COMMAND nmake /s /f ms\\nt.mak - INSTALL_COMMAND nmake /s /f ms\\nt.mak install + BUILD_COMMAND nmake /s + TEST_COMMAND nmake /s test + INSTALL_COMMAND nmake /s install ) elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") ExternalProject_Add(openssl -- cgit v1.2.3 From 6178fd3469fb18f1ec829f64698c21305141783c Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Sat, 3 Mar 2018 10:54:51 +0000 Subject: Use OSX builds to test OpenSSL 1.1 compatibility as well See https://github.com/alex/pyopenssl/commit/02225c659a1441e5caeca0a327f85b241633f781 for example --- infrastructure/travis-build.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'infrastructure') diff --git a/infrastructure/travis-build.sh b/infrastructure/travis-build.sh index 74b58a3d..9ee3569e 100755 --- a/infrastructure/travis-build.sh +++ b/infrastructure/travis-build.sh @@ -4,11 +4,15 @@ set -e set -x if [ "$TRAVIS_OS_NAME" = "osx" ]; then - brew update + # No need to "brew update" first: https://docs.travis-ci.com/user/reference/osx/#Homebrew + # brew update + # Travis appears to have Boost and OpenSSL installed already: # brew install boost ccache openssl - ls /usr/local /usr/local/opt /usr/local/opt/openssl - brew install ccache + ls /usr/local /usr/local/opt /usr/local/opt/openssl /usr/local/opt/openssl@1.1 + + # Use OSX builds to test OpenSSL 1.1 compatibility as well: + brew install ccache openssl@1.1 fi ccache -s @@ -20,7 +24,9 @@ if [ "$BUILD" = 'cmake' ]; then fi if [ "$TRAVIS_OS_NAME" = "osx" ]; then - EXTRA_ARGS="-DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DBOOST_ROOT=/usr/local/opt/boost" + EXTRA_ARGS=" + -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 + -DBOOST_ROOT=/usr/local/opt/boost" fi cd `dirname $0` @@ -33,7 +39,10 @@ if [ "$BUILD" = 'cmake' ]; then [ "$TEST" = "n" ] || ctest -C $TEST_TARGET -V else if [ "$TRAVIS_OS_NAME" = "osx" ]; then - EXTRA_ARGS="--with-ssl-lib=/usr/local/opt/openssl/lib --with-ssl-headers=/usr/local/opt/openssl/include --with-boost=/usr/local/opt/boost" + EXTRA_ARGS=" + --with-ssl-lib=/usr/local/opt/openssl@1.1/lib + --with-ssl-headers=/usr/local/opt/openssl@1.1/include + --with-boost=/usr/local/opt/boost" fi cd `dirname $0`/.. -- cgit v1.2.3