Adding a check to find NPN-capable OpenSSL.

pull/2174/head
Nicolas "Pixel" Noble 10 years ago
parent bbb9a286f8
commit 4cc8c8abf4
  1. 867
      Makefile
  2. 35
      templates/Makefile.template
  3. 45
      test/build/openssl-npn.c
  4. 8
      test/core/tsi/transport_security_test.c

File diff suppressed because it is too large Load Diff

@ -376,6 +376,7 @@ OPENSSL_LIBS = ssl crypto
endif
OPENSSL_ALPN_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
OPENSSL_NPN_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
ZLIB_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS)
PERFTOOLS_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/perftools.c -lprofiler $(LDFLAGS)
PROTOBUF_CHECK_CMD = $(CXX) $(CXXFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS)
@ -386,6 +387,7 @@ SYSTEMTAP_HEADERS_CHECK_CMD = $(CC) $(CFLAGS) $(CPPFLAGS) -o $(TMPOUT) test/buil
ifeq ($(OPENSSL_REQUIRES_DL),true)
OPENSSL_ALPN_CHECK_CMD += -ldl
OPENSSL_NPN_CHECK_CMD += -ldl
endif
ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG)
@ -399,11 +401,17 @@ endif
HAS_SYSTEM_PROTOBUF_VERIFY = $(shell $(PROTOBUF_CHECK_CMD) 2> /dev/null && echo true || echo false)
ifndef REQUIRE_CUSTOM_LIBRARIES_$(CONFIG)
HAS_SYSTEM_OPENSSL_ALPN = $(shell $(OPENSSL_ALPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true)
HAS_SYSTEM_OPENSSL_NPN = true
else
HAS_SYSTEM_OPENSSL_NPN = $(shell $(OPENSSL_NPN_CHECK_CMD) 2> /dev/null && echo true || echo false)
endif
HAS_SYSTEM_ZLIB = $(shell $(ZLIB_CHECK_CMD) 2> /dev/null && echo true || echo false)
HAS_SYSTEM_PROTOBUF = $(HAS_SYSTEM_PROTOBUF_VERIFY)
else
# override system libraries if the config requires a custom compiled library
HAS_SYSTEM_OPENSSL_ALPN = false
HAS_SYSTEM_OPENSSL_NPN = false
HAS_SYSTEM_ZLIB = false
HAS_SYSTEM_PROTOBUF = false
endif
@ -427,6 +435,9 @@ HAS_SYSTEMTAP = true
endif
endif
# Note that for testing purposes, one can do:
# make HAS_EMBEDDED_OPENSSL_ALPN=false
# to emulate the fact we do not have OpenSSL in the third_party folder.
ifeq ($(wildcard third_party/openssl/ssl/ssl.h),)
HAS_EMBEDDED_OPENSSL_ALPN = false
else
@ -460,6 +471,7 @@ endif
ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),false)
ifeq ($(HAS_EMBEDDED_OPENSSL_ALPN),true)
USE_SYSTEM_OPENSSL = false
OPENSSL_DEP = $(LIBDIR)/$(CONFIG)/openssl/libssl.a
OPENSSL_MERGE_LIBS += $(LIBDIR)/$(CONFIG)/openssl/libssl.a $(LIBDIR)/$(CONFIG)/openssl/libcrypto.a
# need to prefix these to ensure overriding system libraries
@ -469,9 +481,19 @@ ifeq ($(OPENSSL_REQUIRES_DL),true)
LIBS_SECURE = dl
endif
else
ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
USE_SYSTEM_OPENSSL = true
CPPFLAGS += -DTSI_OPENSSL_ALPN_SUPPORT=0
LIBS_SECURE = $(OPENSSL_LIBS)
ifeq ($(OPENSSL_REQUIRES_DL),true)
LIBS_SECURE += dl
endif
else
NO_SECURE = true
endif
endif
else
USE_SYSTEM_OPENSSL = true
LIBS_SECURE = $(OPENSSL_LIBS)
ifeq ($(OPENSSL_REQUIRES_DL),true)
LIBS_SECURE += dl
@ -568,7 +590,7 @@ openssl_dep_message:
@echo
@echo "DEPENDENCY ERROR"
@echo
@echo "The target you are trying to run requires OpenSSL with ALPN support."
@echo "The target you are trying to run requires OpenSSL."
@echo "Your system doesn't have it, and neither does the third_party directory."
@echo
@echo "Please consult INSTALL to get more information."
@ -626,6 +648,7 @@ ${tgt.name}: $(BINDIR)/$(CONFIG)/${tgt.name}
run_dep_checks:
$(OPENSSL_ALPN_CHECK_CMD) || true
$(OPENSSL_NPN_CHECK_CMD) || true
$(ZLIB_CHECK_CMD) || true
$(PERFTOOLS_CHECK_CMD) || true
$(PROTOBUF_CHECK_CMD) || true
@ -646,7 +669,7 @@ ifeq ($(SYSTEM),Darwin)
else
ifeq ($(SYSTEM),MINGW32)
@echo "We currently don't have a good way to compile OpenSSL in-place under msys."
@echo "Please provide an ALPN-capable OpenSSL in your mingw32 system."
@echo "Please provide a OpenSSL in your mingw32 system."
@echo
@echo "Note that you can find a compatible version of the libraries here:"
@echo
@ -1127,11 +1150,11 @@ PUBLIC_HEADERS_C += \\
LIB${lib.name.upper()}_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(basename $(LIB${lib.name.upper()}_SRC))))
## If the library requires OpenSSL with ALPN, let's add some restrictions.
## If the library requires OpenSSL, let's add some restrictions.
% if lib.get('secure', 'check') == 'yes' or lib.get('secure', 'check') == 'check':
ifeq ($(NO_SECURE),true)
# You can't build secure libraries if you don't have OpenSSL with ALPN.
# You can't build secure libraries if you don't have OpenSSL.
$(LIBDIR)/$(CONFIG)/lib${lib.name}.a: openssl_dep_error
@ -1271,7 +1294,7 @@ endif
% endif
% if lib.get('secure', 'check') == 'yes' or lib.get('secure', 'check') == 'check':
## If the lib was secure, we have to close the Makefile's if that tested
## the presence of an ALPN-capable OpenSSL.
## the presence of OpenSSL.
endif
% endif
@ -1312,7 +1335,7 @@ ${tgt.name.upper()}_OBJS = $(addprefix $(OBJDIR)/$(CONFIG)/, $(addsuffix .o, $(b
% if tgt.get('secure', 'check') == 'yes' or tgt.get('secure', 'check') == 'check':
ifeq ($(NO_SECURE),true)
# You can't build secure targets if you don't have OpenSSL with ALPN.
# You can't build secure targets if you don't have OpenSSL.
$(BINDIR)/$(CONFIG)/${tgt.name}: openssl_dep_error

@ -0,0 +1,45 @@
/*
*
* Copyright 2015, Google Inc.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Google Inc. nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* This is just a compilation test, to see if we have a version of OpenSSL with
NPN support installed. It's not meant to be run, and all of the values and
function calls there are non-sensical. The code is only meant to test the
presence of symbols, and we're expecting a compilation failure otherwise. */
#include <stdlib.h>
#include <openssl/ssl.h>
int main() {
SSL_get0_next_proto_negotiated(NULL, NULL, NULL);
return OPENSSL_NPN_UNSUPPORTED;
}

@ -46,9 +46,6 @@
#include "src/core/tsi/ssl_transport_security.h"
#include "test/core/util/test_config.h"
/* Currently points to 1.0.2a. */
#define GRPC_MIN_OPENSSL_VERSION_NUMBER 0x1000201fL
typedef struct {
/* 1 if success, 0 if failure. */
int expected;
@ -299,13 +296,8 @@ static void test_peer_matches_name(void) {
}
}
static void test_openssl_version(void) {
GPR_ASSERT(OPENSSL_VERSION_NUMBER >= GRPC_MIN_OPENSSL_VERSION_NUMBER);
}
int main(int argc, char **argv) {
grpc_test_init(argc, argv);
test_peer_matches_name();
test_openssl_version();
return 0;
}

Loading…
Cancel
Save