From 494d65da5080e664f6c9dd2d210dce636adebea9 Mon Sep 17 00:00:00 2001 From: "Nicolas \"Pixel\" Noble" Date: Tue, 15 May 2018 00:06:04 +0200 Subject: [PATCH] No longer automatically fallbacking on system's OpenSSL if it only has NPN. --- Makefile | 19 ++----------------- templates/Makefile.template | 19 ++----------------- test/build/openssl-npn.c | 30 ------------------------------ 3 files changed, 4 insertions(+), 64 deletions(-) delete mode 100644 test/build/openssl-npn.c diff --git a/Makefile b/Makefile index 73b1ee054c3..d2db74ca5bd 100644 --- a/Makefile +++ b/Makefile @@ -501,7 +501,6 @@ endif ifeq ($(HAS_PKG_CONFIG),true) OPENSSL_ALPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.2 openssl -OPENSSL_NPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.1 openssl ZLIB_CHECK_CMD = $(PKG_CONFIG) --exists zlib PROTOBUF_CHECK_CMD = $(PKG_CONFIG) --atleast-version=3.5.0 protobuf CARES_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.11.0 libcares @@ -514,7 +513,6 @@ OPENSSL_LIBS = ssl crypto endif OPENSSL_ALPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS) -OPENSSL_NPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS) BORINGSSL_COMPILE_CHECK_CMD = $(CC) $(CPPFLAGS) -Ithird_party/boringssl/include -fvisibility=hidden -DOPENSSL_NO_ASM -D_GNU_SOURCE -DWIN32_LEAN_AND_MEAN -D_HAS_EXCEPTIONS=0 -DNOMINMAX $(CFLAGS) -Wno-sign-conversion -Wno-conversion -Wno-unused-value -Wno-unknown-pragmas -Wno-implicit-function-declaration -Wno-unused-variable -Wno-sign-compare -Wno-implicit-fallthrough $(NO_W_EXTRA_SEMI) -o $(TMPOUT) test/build/boringssl.c $(LDFLAGS) ZLIB_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS) PROTOBUF_CHECK_CMD = $(CXX) $(CPPFLAGS) $(CXXFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS) @@ -542,13 +540,7 @@ HAS_SYSTEM_PROTOBUF_VERIFY = $(shell $(PROTOBUF_CHECK_CMD) 2> /dev/null && echo ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG) HAS_SYSTEM_OPENSSL_ALPN ?= $(shell $(OPENSSL_ALPN_CHECK_CMD) 2> /dev/null && echo true || echo false) ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true) -HAS_SYSTEM_OPENSSL_NPN = true CACHE_MK += HAS_SYSTEM_OPENSSL_ALPN = true, -else -HAS_SYSTEM_OPENSSL_NPN ?= $(shell $(OPENSSL_NPN_CHECK_CMD) 2> /dev/null && echo true || echo false) -endif -ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true) -CACHE_MK += HAS_SYSTEM_OPENSSL_NPN = true, endif HAS_SYSTEM_ZLIB ?= $(shell $(ZLIB_CHECK_CMD) 2> /dev/null && echo true || echo false) ifeq ($(HAS_SYSTEM_ZLIB),true) @@ -565,7 +557,6 @@ endif else # override system libraries if the config requires a custom compiled library HAS_SYSTEM_OPENSSL_ALPN = false -HAS_SYSTEM_OPENSSL_NPN = false HAS_SYSTEM_ZLIB = false HAS_SYSTEM_PROTOBUF = false HAS_SYSTEM_CARES = false @@ -712,12 +703,7 @@ ifneq ($(HAS_EMBEDDED_OPENSSL_ALPN),false) EMBED_OPENSSL ?= $(HAS_EMBEDDED_OPENSSL_ALPN) NO_SECURE ?= false else # HAS_EMBEDDED_OPENSSL_ALPN=false -ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true) -EMBED_OPENSSL ?= false -NO_SECURE ?= false -else NO_SECURE ?= true -endif # HAS_SYSTEM_OPENSSL_NPN=true endif # HAS_EMBEDDED_OPENSSL_ALPN endif # HAS_SYSTEM_OPENSSL_ALPN @@ -751,10 +737,10 @@ LDFLAGS := $(LDFLAGS_OPENSSL_PKG_CONFIG) $(LDFLAGS) else # HAS_PKG_CONFIG=false LIBS_SECURE = $(OPENSSL_LIBS) endif # HAS_PKG_CONFIG -ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true) +ifeq ($(DISABLE_ALPN),true) CPPFLAGS += -DTSI_OPENSSL_ALPN_SUPPORT=0 LIBS_SECURE = $(OPENSSL_LIBS) -endif # HAS_SYSTEM_OPENSSL_NPN +endif # DISABLE_ALPN PC_LIBS_SECURE = $(addprefix -l, $(LIBS_SECURE)) endif # EMBED_OPENSSL endif # NO_SECURE @@ -1341,7 +1327,6 @@ uri_fuzzer_test_one_entry: $(BINDIR)/$(CONFIG)/uri_fuzzer_test_one_entry run_dep_checks: $(OPENSSL_ALPN_CHECK_CMD) || true - $(OPENSSL_NPN_CHECK_CMD) || true $(ZLIB_CHECK_CMD) || true $(PERFTOOLS_CHECK_CMD) || true $(PROTOBUF_CHECK_CMD) || true diff --git a/templates/Makefile.template b/templates/Makefile.template index 354f2a2f403..2ca0cbc9992 100644 --- a/templates/Makefile.template +++ b/templates/Makefile.template @@ -414,7 +414,6 @@ ifeq ($(HAS_PKG_CONFIG),true) OPENSSL_ALPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.2 openssl - OPENSSL_NPN_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.0.1 openssl ZLIB_CHECK_CMD = $(PKG_CONFIG) --exists zlib PROTOBUF_CHECK_CMD = $(PKG_CONFIG) --atleast-version=3.5.0 protobuf CARES_CHECK_CMD = $(PKG_CONFIG) --atleast-version=1.11.0 libcares @@ -427,7 +426,6 @@ endif OPENSSL_ALPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS) - OPENSSL_NPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS) BORINGSSL_COMPILE_CHECK_CMD = $(CC) $(CPPFLAGS) ${defaults.boringssl.CPPFLAGS} $(CFLAGS) ${defaults.boringssl.CFLAGS} -o $(TMPOUT) test/build/boringssl.c $(LDFLAGS) ZLIB_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS) PROTOBUF_CHECK_CMD = $(CXX) $(CPPFLAGS) $(CXXFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS) @@ -455,13 +453,7 @@ ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG) HAS_SYSTEM_OPENSSL_ALPN ?= $(shell $(OPENSSL_ALPN_CHECK_CMD) 2> /dev/null && echo true || echo false) ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true) - HAS_SYSTEM_OPENSSL_NPN = true CACHE_MK += HAS_SYSTEM_OPENSSL_ALPN = true, - else - HAS_SYSTEM_OPENSSL_NPN ?= $(shell $(OPENSSL_NPN_CHECK_CMD) 2> /dev/null && echo true || echo false) - endif - ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true) - CACHE_MK += HAS_SYSTEM_OPENSSL_NPN = true, endif HAS_SYSTEM_ZLIB ?= $(shell $(ZLIB_CHECK_CMD) 2> /dev/null && echo true || echo false) ifeq ($(HAS_SYSTEM_ZLIB),true) @@ -478,7 +470,6 @@ else # override system libraries if the config requires a custom compiled library HAS_SYSTEM_OPENSSL_ALPN = false - HAS_SYSTEM_OPENSSL_NPN = false HAS_SYSTEM_ZLIB = false HAS_SYSTEM_PROTOBUF = false HAS_SYSTEM_CARES = false @@ -625,12 +616,7 @@ EMBED_OPENSSL ?= $(HAS_EMBEDDED_OPENSSL_ALPN) NO_SECURE ?= false else # HAS_EMBEDDED_OPENSSL_ALPN=false - ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true) - EMBED_OPENSSL ?= false - NO_SECURE ?= false - else NO_SECURE ?= true - endif # HAS_SYSTEM_OPENSSL_NPN=true endif # HAS_EMBEDDED_OPENSSL_ALPN endif # HAS_SYSTEM_OPENSSL_ALPN @@ -664,10 +650,10 @@ else # HAS_PKG_CONFIG=false LIBS_SECURE = $(OPENSSL_LIBS) endif # HAS_PKG_CONFIG - ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true) + ifeq ($(DISABLE_ALPN),true) CPPFLAGS += -DTSI_OPENSSL_ALPN_SUPPORT=0 LIBS_SECURE = $(OPENSSL_LIBS) - endif # HAS_SYSTEM_OPENSSL_NPN + endif # DISABLE_ALPN PC_LIBS_SECURE = $(addprefix -l, $(LIBS_SECURE)) endif # EMBED_OPENSSL endif # NO_SECURE @@ -888,7 +874,6 @@ run_dep_checks: $(OPENSSL_ALPN_CHECK_CMD) || true - $(OPENSSL_NPN_CHECK_CMD) || true $(ZLIB_CHECK_CMD) || true $(PERFTOOLS_CHECK_CMD) || true $(PROTOBUF_CHECK_CMD) || true diff --git a/test/build/openssl-npn.c b/test/build/openssl-npn.c deleted file mode 100644 index 9c713827209..00000000000 --- a/test/build/openssl-npn.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * - * Copyright 2015 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* This is just a compilation test, to see if we have a version of OpenSSL with - NPN support installed. It's not meant to be run, and all of the values and - function calls there are non-sensical. The code is only meant to test the - presence of symbols, and we're expecting a compilation failure otherwise. */ - -#include -#include - -int main() { - SSL_get0_next_proto_negotiated(NULL, NULL, NULL); - return OPENSSL_NPN_UNSUPPORTED; -}