ssl: add SSLSocket#sigalg, #peer_sigalg, #group #1504
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push, pull_request, workflow_dispatch] | |
| jobs: | |
| ruby-versions: | |
| uses: ruby/actions/.github/workflows/ruby_versions.yml@master | |
| with: | |
| engine: cruby-truffleruby | |
| min_version: 2.7 | |
| test: | |
| needs: ruby-versions | |
| name: >- | |
| ${{ matrix.os }} ${{ matrix.ruby }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-latest, windows-latest ] | |
| ruby: ${{ fromJson(needs.ruby-versions.outputs.versions) }} | |
| exclude: | |
| - { os: windows-latest, ruby: truffleruby } | |
| - { os: windows-latest, ruby: truffleruby-head } | |
| include: | |
| - { os: windows-latest, ruby: ucrt } | |
| - { os: windows-latest, ruby: mswin } | |
| steps: | |
| - name: repo checkout | |
| uses: actions/checkout@v4 | |
| - name: load ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: ${{ matrix.ruby }} | |
| bundler-cache: true # `bundle install` and cache | |
| # See https://github.com/oneclick/rubyinstaller2/issues/60 | |
| # The builtin DLLs are preferred over the mingw-w64/vcpkg DLLs. This is a | |
| # temporary workaround until they update the DLLs to OpenSSL 3.5.x. | |
| - name: Update RI2/mswin builtin DLLs | |
| run: | | |
| $dst = "$((Get-Item (Get-Command ruby).Definition).DirectoryName)\ruby_builtin_dlls" | |
| if ("${{ matrix.ruby }}" -eq "mswin") { | |
| $src = "C:\vcpkg\installed\x64-windows\bin" | |
| } else { | |
| $src = "$((Get-Item (Get-Command ruby).Definition).DirectoryName)\..\msys64\ucrt64\bin" | |
| } | |
| Copy-Item "$src\libcrypto-3-x64.dll", "$src\libssl-3-x64.dll" $dst | |
| if: ${{ matrix.os == 'windows-latest' && (matrix.ruby == '3.2' || matrix.ruby == '3.3' || matrix.ruby == 'mswin') }} | |
| # Enable the verbose option in mkmf.rb to print the compiling commands. | |
| - name: enable mkmf verbose | |
| run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV | |
| if: runner.os == 'Linux' || runner.os == 'macOS' | |
| - name: set flags to check compiler warnings | |
| run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV | |
| if: ${{ !matrix.skip-warnings }} | |
| - name: rake compile | |
| run: bundle exec rake compile | |
| - name: rake test | |
| run: bundle exec rake test TESTOPTS="-v --no-show-detail-immediately" | |
| timeout-minutes: 5 | |
| test-openssls: | |
| name: >- | |
| ${{ matrix.openssl }} ${{ matrix.name-extra }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| name-extra: [ '' ] | |
| openssl: | |
| # https://openssl-library.org/source/ | |
| - openssl-1.1.1w # EOL 2023-09-11, still used by RHEL 8 and Ubuntu 20.04 | |
| - openssl-3.0.16 # Supported until 2026-09-07 (LTS) | |
| - openssl-3.1.8 # EOL 2025-03-14 | |
| - openssl-3.2.4 # Supported until 2025-11-23 | |
| - openssl-3.3.3 # Supported until 2026-04-09 | |
| - openssl-3.4.1 # Supported until 2026-10-22 | |
| - openssl-3.5.0 # Supported until 2030 (LTS) | |
| - openssl-master | |
| # http://www.libressl.org/releases.html | |
| - libressl-3.9.2 # EOL 2025-04-05 | |
| - libressl-4.0.0 # Supported until 2025-10-08 | |
| - libressl-4.1.0 # Supported until 2026-04-28 | |
| # https://github.com/aws/aws-lc/tags | |
| - aws-lc-latest | |
| include: | |
| - { name-extra: 'without legacy provider', openssl: openssl-3.5.0, append-configure: 'no-legacy' } | |
| - { openssl: aws-lc-latest, skip-warnings: true } | |
| steps: | |
| - name: repo checkout | |
| uses: actions/checkout@v4 | |
| - id: cache-openssl | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/openssl | |
| key: openssl-${{ runner.os }}-${{ matrix.openssl }}-${{ matrix.append-configure || 'default' }} | |
| if: matrix.openssl != 'openssl-master' && matrix.openssl != 'libressl-master' && matrix.openssl != 'aws-lc-latest' | |
| - name: Compile OpenSSL library | |
| if: steps.cache-openssl.outputs.cache-hit != 'true' | |
| run: | | |
| # Enable Bash debugging option temporarily for debugging use. | |
| set -x | |
| mkdir -p tmp/build-openssl && cd tmp/build-openssl | |
| case ${{ matrix.openssl }} in | |
| openssl-1.*) | |
| OPENSSL_COMMIT=$(echo ${{ matrix.openssl }} | sed -e 's/^openssl-/OpenSSL_/' | sed -e 's/\./_/g') | |
| git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git . | |
| echo "Git commit: $(git rev-parse HEAD)" | |
| # shared is required for 1.0.x. | |
| ./Configure --prefix=$HOME/openssl --libdir=lib shared linux-x86_64 | |
| make depend && make -j4 && make install_sw | |
| ;; | |
| openssl-*) | |
| OPENSSL_COMMIT=${{ matrix.openssl == 'openssl-master' && 'master' || matrix.openssl }} | |
| git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git . | |
| echo "Git commit: $(git rev-parse HEAD)" | |
| ./Configure --prefix=$HOME/openssl --libdir=lib enable-fips no-tests ${{ matrix.append-configure }} | |
| make -j4 && make install_sw && make install_fips | |
| ;; | |
| libressl-*) | |
| curl -L https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${{ matrix.openssl }}.tar.gz | \ | |
| tar xzf - --strip-components=1 | |
| ./configure --prefix=$HOME/openssl | |
| make -j4 && make install | |
| ;; | |
| aws-lc-*) | |
| git clone https://github.com/aws/aws-lc.git . | |
| AWS_LC_RELEASE=$(git tag --sort=-creatordate --list "v*" | head -1) | |
| git checkout $AWS_LC_RELEASE | |
| cmake -DCMAKE_INSTALL_PREFIX=$HOME/openssl -DCMAKE_INSTALL_LIBDIR=lib | |
| make -j4 && make install | |
| ;; | |
| *) | |
| false | |
| ;; | |
| esac | |
| - name: load ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: '3.0' | |
| bundler-cache: true | |
| - name: enable mkmf verbose | |
| run: echo "MAKEFLAGS=V=1" >> $GITHUB_ENV | |
| - name: set flags to check compiler warnings | |
| run: echo "RUBY_OPENSSL_EXTCFLAGS=-Werror" >> $GITHUB_ENV | |
| if: ${{ !matrix.skip-warnings }} | |
| - name: rake compile | |
| run: bundle exec rake compile -- --with-openssl-dir=$HOME/openssl | |
| - name: rake test | |
| run: bundle exec rake test TESTOPTS="-v --no-show-detail-immediately" | |
| timeout-minutes: 5 | |
| # Run only the passing tests on the FIPS module as a temporary workaround. | |
| # TODO Fix other tests, and run all the tests on FIPS module. | |
| - name: rake test_fips | |
| run: | | |
| sed -e "s|OPENSSL_DIR|$HOME/openssl|" tool/openssl_fips.cnf.tmpl > tmp/openssl_fips.cnf | |
| export OPENSSL_CONF=$(pwd)/tmp/openssl_fips.cnf | |
| bundle exec rake test_fips TESTOPTS="-v --no-show-detail-immediately" | |
| timeout-minutes: 5 | |
| if: ${{ startsWith(matrix.openssl, 'openssl-3') || matrix.openssl == 'openssl-master' }} |