Chiebot-Mirror
/
grpc
mirror of https://github.com/grpc/grpc.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #2174 from nicolasnoble/makefile-npn-check

Browse Source 
Adding a check to find NPN-capable OpenSSL.
pull/2325/head
jboeuf 10 years ago
parent 772187cdf0 be2d3a3d7c
commit 44a4ef3b5a
4 changed files with 520 additions and 437 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 869
      Makefile
  2. 35
      templates/Makefile.template
  3. 45
      test/build/openssl-npn.c
  4. 8
      test/core/tsi/transport_security_test.c

869
Makefile
View File

File diff suppressed because it is too large Load Diff

35
templates/Makefile.template
Unescape View File

@ -397,6 +397,7 @@ endif
ifeq ($(HAS_PKG_CONFIG),true)
OPENSSL_ALPN_CHECK_CMD = pkg-config --atleast-version=1.0.2 openssl
OPENSSL_NPN_CHECK_CMD = pkg-config --alteast-version=1.0.1 openssl
ZLIB_CHECK_CMD = pkg-config --exists zlib
PERFTOOLS_CHECK_CMD = pkg-config --exists profiler
PROTOBUF_CHECK_CMD = pkg-config --atleast-version=3.0.0-alpha-3 protobuf
@ -409,12 +410,14 @@ OPENSSL_LIBS = ssl crypto
endif
OPENSSL_ALPN_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
OPENSSL_NPN_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
ZLIB_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS)
PERFTOOLS_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/perftools.c -lprofiler $(LDFLAGS)
PROTOBUF_CHECK_CMD = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS)
ifeq ($(OPENSSL_REQUIRES_DL),true)
OPENSSL_ALPN_CHECK_CMD += -ldl
OPENSSL_NPN_CHECK_CMD += -ldl
endif
endif # HAS_PKG_CONFIG
@ -435,11 +438,17 @@ endif
HAS_SYSTEM_PROTOBUF_VERIFY = $(shell $(PROTOBUF_CHECK_CMD) 2> /dev/null && echo true || echo false)
ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG)
HAS_SYSTEM_OPENSSL_ALPN = $(shell $(OPENSSL_ALPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true)
HAS_SYSTEM_OPENSSL_NPN = true
else
HAS_SYSTEM_OPENSSL_NPN = $(shell $(OPENSSL_NPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
endif
HAS_SYSTEM_ZLIB = $(shell $(ZLIB_CHECK_CMD) 2> /dev/null && echo true || echo false)
HAS_SYSTEM_PROTOBUF = $(HAS_SYSTEM_PROTOBUF_VERIFY)
else
# override system libraries if the config requires a custom compiled library
HAS_SYSTEM_OPENSSL_ALPN = false
HAS_SYSTEM_OPENSSL_NPN = false
HAS_SYSTEM_ZLIB = false
HAS_SYSTEM_PROTOBUF = false
endif
@ -463,6 +472,9 @@ HAS_SYSTEMTAP = true
endif
endif
# Note that for testing purposes, one can do:
# make HAS_EMBEDDED_OPENSSL_ALPN=false
# to emulate the fact we do not have OpenSSL in the third_party folder.
ifeq ($(wildcard third_party/openssl/ssl/ssl.h),)
HAS_EMBEDDED_OPENSSL_ALPN = false
else
@ -531,6 +543,7 @@ endif
endif
else
ifeq ($(HAS_EMBEDDED_OPENSSL_ALPN),true)
USE_SYSTEM_OPENSSL = false
OPENSSL_DEP = $(LIBDIR)/$(CONFIG)/openssl/libssl.a
OPENSSL_MERGE_LIBS += $(LIBDIR)/$(CONFIG)/openssl/libssl.a $(LIBDIR)/$(CONFIG)/openssl/libcrypto.a
# need to prefix these to ensure overriding system libraries
@ -540,9 +553,18 @@ ifeq ($(OPENSSL_REQUIRES_DL),true)
LIBS_SECURE = dl
endif
else
ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
USE_SYSTEM_OPENSSL = true
CPPFLAGS += -DTSI_OPENSSL_ALPN_SUPPORT=0
LIBS_SECURE = $(OPENSSL_LIBS)
ifeq ($(OPENSSL_REQUIRES_DL),true)
LIBS_SECURE += dl
endif
else
NO_SECURE = true
endif
endif
endif
ifeq ($(OPENSSL_PKG_CONFIG),true)
LDLIBS_SECURE += $(shell pkg-config --libs-only-l openssl)
@ -693,7 +715,7 @@ openssl_dep_message:
@echo
@echo "DEPENDENCY ERROR"
@echo
@echo "The target you are trying to run requires OpenSSL with ALPN support."
@echo "The target you are trying to run requires OpenSSL."
@echo "Your system doesn't have it, and neither does the third_party directory."
@echo
@echo "Please consult INSTALL to get more information."
@ -751,6 +773,7 @@ ${tgt.name}: $(BINDIR)/$(CONFIG)/${tgt.name}
run_dep_checks:
$(OPENSSL_ALPN_CHECK_CMD) || true
$(OPENSSL_NPN_CHECK_CMD) || true
$(ZLIB_CHECK_CMD) || true
$(PERFTOOLS_CHECK_CMD) || true
$(PROTOBUF_CHECK_CMD) || true
@ -771,7 +794,7 @@ ifeq ($(SYSTEM),Darwin)
else
ifeq ($(SYSTEM),MINGW32)
@echo "We currently don't have a good way to compile OpenSSL in-place under msys."
@echo "Please provide an ALPN-capable OpenSSL in your mingw32 system."
@echo "Please provide a OpenSSL in your mingw32 system."
@echo
@echo "Note that you can find a compatible version of the libraries here:"
@echo
@ -1299,11 +1322,11 @@ PUBLIC_HEADERS_C += \\
LIB${lib.name.upper()}_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIB${lib.name.upper()}_SRC))))
## If the library requires OpenSSL with ALPN, let's add some restrictions.
## If the library requires OpenSSL, let's add some restrictions.
% if lib.get('secure', 'check') == 'yes' or lib.get('secure', 'check') == 'check':
ifeq ($(NO_SECURE),true)
# You can't build secure libraries if you don't have OpenSSL with ALPN.
# You can't build secure libraries if you don't have OpenSSL.
$(LIBDIR)/$(CONFIG)/lib${lib.name}.a: openssl_dep_error
@ -1443,7 +1466,7 @@ endif
% endif
% if lib.get('secure', 'check') == 'yes' or lib.get('secure', 'check') == 'check':
## If the lib was secure, we have to close the Makefile's if that tested
## the presence of an ALPN-capable OpenSSL.
## the presence of OpenSSL.
endif
% endif
@ -1484,7 +1507,7 @@ ${tgt.name.upper()}_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(b
% if tgt.get('secure', 'check') == 'yes' or tgt.get('secure', 'check') == 'check':
ifeq ($(NO_SECURE),true)
# You can't build secure targets if you don't have OpenSSL with ALPN.
# You can't build secure targets if you don't have OpenSSL.
$(BINDIR)/$(CONFIG)/${tgt.name}: openssl_dep_error

45
test/build/openssl-npn.c
Unescape View File

@ -0,0 +1,45 @@
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* This is just a compilation test, to see if we have a version of OpenSSL with
NPN support installed. It's not meant to be run, and all of the values and
function calls there are non-sensical. The code is only meant to test the
presence of symbols, and we're expecting a compilation failure otherwise. */
#include <stdlib.h>
#include <openssl/ssl.h>
int main() {
SSL_get0_next_proto_negotiated(NULL, NULL, NULL);
return OPENSSL_NPN_UNSUPPORTED;
}

8
test/core/tsi/transport_security_test.c
Unescape View File

@ -46,9 +46,6 @@
#include "src/core/tsi/ssl_transport_security.h"
#include "test/core/util/test_config.h"
/* Currently points to 1.0.2a. */
#define GRPC_MIN_OPENSSL_VERSION_NUMBER 0x1000201fL
typedef struct {
/* 1 if success, 0 if failure. */
int expected;
@ -299,13 +296,8 @@ static void test_peer_matches_name(void) {
}
}
static void test_openssl_version(void) {
GPR_ASSERT(OPENSSL_VERSION_NUMBER >= GRPC_MIN_OPENSSL_VERSION_NUMBER);
}
int main(int argc, char **argv) {
grpc_test_init(argc, argv);
test_peer_matches_name();
test_openssl_version();
return 0;
}

Write Preview
Loading…
Cancel
Save