Merge pull request #695 from Keruspe/master
openssl-sys: support libressl 2.6.1
This commit is contained in:
Steven Fackler
GitHub
commit
f0db1dbc95
|
|
@ -78,9 +78,9 @@ openssl_101: &OPENSSL_101
|
||||||
libressl_250: &LIBRESSL_250
|
libressl_250: &LIBRESSL_250
|
||||||
LIBRARY: libressl
|
LIBRARY: libressl
|
||||||
VERSION: 2.5.0
|
VERSION: 2.5.0
|
||||||
libressl_260: &LIBRESSL_260
|
libressl_261: &LIBRESSL_261
|
||||||
LIBRARY: libressl
|
LIBRARY: libressl
|
||||||
VERSION: 2.6.0
|
VERSION: 2.6.1
|
||||||
|
|
||||||
x86_64: &X86_64
|
x86_64: &X86_64
|
||||||
TARGET: x86_64-unknown-linux-gnu
|
TARGET: x86_64-unknown-linux-gnu
|
||||||
|
|
@ -139,10 +139,10 @@ jobs:
|
||||||
<<: *JOB
|
<<: *JOB
|
||||||
environment:
|
environment:
|
||||||
<<: [*LIBRESSL_250, *X86_64, *BASE]
|
<<: [*LIBRESSL_250, *X86_64, *BASE]
|
||||||
x86_64-libressl-2.6.0:
|
x86_64-libressl-2.6.1:
|
||||||
<<: *JOB
|
<<: *JOB
|
||||||
environment:
|
environment:
|
||||||
<<: [*LIBRESSL_260, *X86_64, *BASE]
|
<<: [*LIBRESSL_261, *X86_64, *BASE]
|
||||||
workflows:
|
workflows:
|
||||||
version: 2
|
version: 2
|
||||||
tests:
|
tests:
|
||||||
|
|
@ -157,4 +157,4 @@ workflows:
|
||||||
- armhf-openssl-1.0.2
|
- armhf-openssl-1.0.2
|
||||||
- armhf-openssl-1.0.1
|
- armhf-openssl-1.0.1
|
||||||
- x86_64-libressl-2.5.0
|
- x86_64-libressl-2.5.0
|
||||||
- x86_64-libressl-2.6.0
|
- x86_64-libressl-2.6.1
|
||||||
|
|
|
||||||
|
|
@ -316,8 +316,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version {
|
||||||
#include <openssl/opensslv.h>
|
#include <openssl/opensslv.h>
|
||||||
#include <openssl/opensslconf.h>
|
#include <openssl/opensslconf.h>
|
||||||
|
|
||||||
#if LIBRESSL_VERSION_NUMBER >= 0x20601000
|
#if LIBRESSL_VERSION_NUMBER >= 0x20602000
|
||||||
RUST_LIBRESSL_NEW
|
RUST_LIBRESSL_NEW
|
||||||
|
#elif LIBRESSL_VERSION_NUMBER >= 0x20601000
|
||||||
|
RUST_LIBRESSL_261
|
||||||
#elif LIBRESSL_VERSION_NUMBER >= 0x20600000
|
#elif LIBRESSL_VERSION_NUMBER >= 0x20600000
|
||||||
RUST_LIBRESSL_260
|
RUST_LIBRESSL_260
|
||||||
#elif LIBRESSL_VERSION_NUMBER >= 0x20506000
|
#elif LIBRESSL_VERSION_NUMBER >= 0x20506000
|
||||||
|
|
@ -412,42 +414,56 @@ See rust-openssl README for more information:
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl250");
|
println!("cargo:rustc-cfg=libressl250");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=250");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_LIBRESSL_251") {
|
} else if expanded.contains("RUST_LIBRESSL_251") {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl251");
|
println!("cargo:rustc-cfg=libressl251");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=251");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_LIBRESSL_252") {
|
} else if expanded.contains("RUST_LIBRESSL_252") {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl252");
|
println!("cargo:rustc-cfg=libressl252");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=252");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_LIBRESSL_253") {
|
} else if expanded.contains("RUST_LIBRESSL_253") {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl253");
|
println!("cargo:rustc-cfg=libressl253");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=253");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_LIBRESSL_254") {
|
} else if expanded.contains("RUST_LIBRESSL_254") {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl254");
|
println!("cargo:rustc-cfg=libressl254");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=254");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_LIBRESSL_255") {
|
} else if expanded.contains("RUST_LIBRESSL_255") {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl255");
|
println!("cargo:rustc-cfg=libressl255");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=255");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_LIBRESSL_260") {
|
} else if expanded.contains("RUST_LIBRESSL_260") {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
println!("cargo:rustc-cfg=libressl260");
|
println!("cargo:rustc-cfg=libressl260");
|
||||||
println!("cargo:libressl=true");
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=250");
|
||||||
|
println!("cargo:version=101");
|
||||||
|
Version::Libressl
|
||||||
|
} else if expanded.contains("RUST_LIBRESSL_261") {
|
||||||
|
println!("cargo:rustc-cfg=libressl");
|
||||||
|
println!("cargo:rustc-cfg=libressl261");
|
||||||
|
println!("cargo:libressl=true");
|
||||||
|
println!("cargo:libressl_version=261");
|
||||||
println!("cargo:version=101");
|
println!("cargo:version=101");
|
||||||
Version::Libressl
|
Version::Libressl
|
||||||
} else if expanded.contains("RUST_OPENSSL_110F") {
|
} else if expanded.contains("RUST_OPENSSL_110F") {
|
||||||
|
|
|
||||||
|
|
@ -1250,10 +1250,15 @@ pub const SSL_VERIFY_NONE: c_int = 0;
|
||||||
pub const SSL_VERIFY_PEER: c_int = 1;
|
pub const SSL_VERIFY_PEER: c_int = 1;
|
||||||
pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
|
pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
|
||||||
|
|
||||||
#[cfg(not(ossl101))]
|
#[cfg(not(any(libressl261, ossl101)))]
|
||||||
pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
|
pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
|
||||||
|
#[cfg(libressl261)]
|
||||||
|
pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
|
||||||
pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
|
pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
|
pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
|
||||||
|
#[cfg(libressl261)]
|
||||||
|
pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
|
||||||
pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
|
pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
|
||||||
#[cfg(not(libressl))]
|
#[cfg(not(libressl))]
|
||||||
pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
|
pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
|
||||||
|
|
|
||||||
|
|
@ -345,6 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
|
||||||
pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
|
pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
|
||||||
pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
|
pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
|
||||||
|
|
||||||
|
#[cfg(libressl261)]
|
||||||
|
pub const SSL_OP_ALL: c_ulong = 0x4;
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
pub const SSL_OP_ALL: c_ulong = 0x80000014;
|
pub const SSL_OP_ALL: c_ulong = 0x80000014;
|
||||||
pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
|
pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
|
||||||
pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
|
pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
|
||||||
|
|
@ -357,6 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
|
||||||
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
|
pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
|
||||||
pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
|
pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
|
||||||
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
|
pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
|
||||||
|
#[cfg(libressl261)]
|
||||||
|
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
|
pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
|
||||||
pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
|
pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
|
||||||
pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
|
pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
|
||||||
|
|
|
||||||
|
|
@ -20,6 +20,10 @@ fn main() {
|
||||||
println!("cargo:rustc-cfg=libressl");
|
println!("cargo:rustc-cfg=libressl");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") {
|
||||||
|
println!("cargo:rustc-cfg=libressl{}", v);
|
||||||
|
}
|
||||||
|
|
||||||
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
|
if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
|
||||||
for var in vars.split(",") {
|
for var in vars.split(",") {
|
||||||
println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
|
println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
|
||||||
|
|
|
||||||
|
|
@ -652,6 +652,7 @@ impl SslContextBuilder {
|
||||||
|
|
||||||
/// Set the protocols to be used during Next Protocol Negotiation (the protocols
|
/// Set the protocols to be used during Next Protocol Negotiation (the protocols
|
||||||
/// supported by the application).
|
/// supported by the application).
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
|
pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
|
||||||
// Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
|
// Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
|
||||||
// APIs -- a list of length-prefixed strings.
|
// APIs -- a list of length-prefixed strings.
|
||||||
|
|
@ -1310,6 +1311,7 @@ impl SslRef {
|
||||||
///
|
///
|
||||||
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
|
/// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
|
||||||
/// to interpret it.
|
/// to interpret it.
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
|
pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
|
||||||
unsafe {
|
unsafe {
|
||||||
let mut data: *const c_uchar = ptr::null();
|
let mut data: *const c_uchar = ptr::null();
|
||||||
|
|
|
||||||
|
|
@ -503,6 +503,7 @@ fn test_connect_with_unilateral_alpn() {
|
||||||
/// Tests that connecting with the client using NPN, but the server not does not
|
/// Tests that connecting with the client using NPN, but the server not does not
|
||||||
/// break the existing connection behavior.
|
/// break the existing connection behavior.
|
||||||
#[test]
|
#[test]
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
fn test_connect_with_unilateral_npn() {
|
fn test_connect_with_unilateral_npn() {
|
||||||
let (_s, stream) = Server::new();
|
let (_s, stream) = Server::new();
|
||||||
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
|
let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
|
||||||
|
|
@ -615,6 +616,7 @@ fn test_connect_with_npn_successful_single_match() {
|
||||||
/// Tests that when the `SslStream` is created as a server stream, the protocols
|
/// Tests that when the `SslStream` is created as a server stream, the protocols
|
||||||
/// are correctly advertised to the client.
|
/// are correctly advertised to the client.
|
||||||
#[test]
|
#[test]
|
||||||
|
#[cfg(not(libressl261))]
|
||||||
fn test_npn_server_advertise_multiple() {
|
fn test_npn_server_advertise_multiple() {
|
||||||
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
|
let listener = TcpListener::bind("127.0.0.1:0").unwrap();
|
||||||
let localhost = listener.local_addr().unwrap();
|
let localhost = listener.local_addr().unwrap();
|
||||||
|
|
@ -1239,7 +1241,7 @@ fn tmp_dh_callback() {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
|
#[cfg(any(all(feature = "v101", ossl101, not(libressl261)), all(feature = "v102", ossl102)))]
|
||||||
fn tmp_ecdh_callback() {
|
fn tmp_ecdh_callback() {
|
||||||
use ec::EcKey;
|
use ec::EcKey;
|
||||||
use nid;
|
use nid;
|
||||||
|
|
@ -1306,7 +1308,7 @@ fn tmp_dh_callback_ssl() {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
|
#[cfg(any(all(feature = "v101", ossl101, not(libressl261)), all(feature = "v102", ossl102)))]
|
||||||
fn tmp_ecdh_callback_ssl() {
|
fn tmp_ecdh_callback_ssl() {
|
||||||
use ec::EcKey;
|
use ec::EcKey;
|
||||||
use nid;
|
use nid;
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,12 @@ fn main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let has_cms_h = if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") {
|
||||||
|
version != "261"
|
||||||
|
} else {
|
||||||
|
true
|
||||||
|
};
|
||||||
|
|
||||||
cfg.header("openssl/comp.h")
|
cfg.header("openssl/comp.h")
|
||||||
.header("openssl/dh.h")
|
.header("openssl/dh.h")
|
||||||
.header("openssl/ossl_typ.h")
|
.header("openssl/ossl_typ.h")
|
||||||
|
|
@ -56,8 +62,12 @@ fn main() {
|
||||||
.header("openssl/pkcs12.h")
|
.header("openssl/pkcs12.h")
|
||||||
.header("openssl/bn.h")
|
.header("openssl/bn.h")
|
||||||
.header("openssl/aes.h")
|
.header("openssl/aes.h")
|
||||||
.header("openssl/ocsp.h")
|
.header("openssl/ocsp.h");
|
||||||
.header("openssl/cms.h");
|
|
||||||
|
if has_cms_h {
|
||||||
|
cfg.header("openssl/cms.h");
|
||||||
|
}
|
||||||
|
|
||||||
cfg.type_name(|s, is_struct| {
|
cfg.type_name(|s, is_struct| {
|
||||||
// Add some `*` on some callback parameters to get function pointer to
|
// Add some `*` on some callback parameters to get function pointer to
|
||||||
// typecheck in C, especially on MSVC.
|
// typecheck in C, especially on MSVC.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue