85 lines
3.2 KiB
Diff
85 lines
3.2 KiB
Diff
From 202ff1372a40a8adf9aac74bfe8a39141b0c57e5 Mon Sep 17 00:00:00 2001
|
|
From: Kazuki Yamaguchi <k@rhe.jp>
|
|
Date: Mon, 27 Sep 2021 00:38:38 +0900
|
|
Subject: [PATCH] ext/openssl/extconf.rb: require OpenSSL version >= 1.0.1, < 3
|
|
|
|
Ruby/OpenSSL 2.1.x and 2.2.x will not support OpenSSL 3.0 API. Let's
|
|
make extconf.rb explicitly check the version number to be within the
|
|
acceptable range, since it will not compile anyway.
|
|
|
|
Reference: https://bugs.ruby-lang.org/issues/18192
|
|
---
|
|
ext/openssl/extconf.rb | 43 ++++++++++++++++++++++++------------------
|
|
1 file changed, 25 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
|
|
index 264130bb..7e817ae2 100644
|
|
--- a/ext/openssl/extconf.rb
|
|
+++ b/ext/openssl/extconf.rb
|
|
@@ -33,9 +33,6 @@
|
|
have_library("ws2_32")
|
|
end
|
|
|
|
-Logging::message "=== Checking for required stuff... ===\n"
|
|
-result = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
-
|
|
if $mingw
|
|
append_cflags '-D_FORTIFY_SOURCE=2'
|
|
append_ldflags '-fstack-protector'
|
|
@@ -92,19 +89,33 @@ def find_openssl_library
|
|
return false
|
|
end
|
|
|
|
-unless result
|
|
- unless find_openssl_library
|
|
- Logging::message "=== Checking for required stuff failed. ===\n"
|
|
- Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
|
- raise "OpenSSL library could not be found. You might want to use " \
|
|
- "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
|
|
- "is installed."
|
|
- end
|
|
+Logging::message "=== Checking for required stuff... ===\n"
|
|
+pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
|
|
+
|
|
+if !pkg_config_found && !find_openssl_library
|
|
+ Logging::message "=== Checking for required stuff failed. ===\n"
|
|
+ Logging::message "Makefile wasn't created. Fix the errors above.\n"
|
|
+ raise "OpenSSL library could not be found. You might want to use " \
|
|
+ "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
|
|
+ "is installed."
|
|
end
|
|
|
|
-unless checking_for("OpenSSL version is 1.0.1 or later") {
|
|
- try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
|
|
- raise "OpenSSL >= 1.0.1 or LibreSSL is required"
|
|
+version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
|
+ is_libressl = true
|
|
+ checking_for("LibreSSL version >= 2.5.0") {
|
|
+ try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
|
|
+else
|
|
+ checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
|
|
+ try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
|
|
+ !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
|
|
+end
|
|
+unless version_ok
|
|
+ raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
|
|
+end
|
|
+
|
|
+# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
|
|
+if is_libressl && ($mswin || $mingw)
|
|
+ $defs.push("-DNOCRYPT")
|
|
end
|
|
|
|
Logging::message "=== Checking for OpenSSL features... ===\n"
|
|
@@ -116,10 +127,6 @@ def find_openssl_library
|
|
have_func("ENGINE_load_#{name}()", "openssl/engine.h")
|
|
}
|
|
|
|
-if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
|
|
- $defs.push("-DNOCRYPT")
|
|
-end
|
|
-
|
|
# added in 1.0.2
|
|
have_func("EC_curve_nist2nid")
|
|
have_func("X509_REVOKED_dup")
|