Browse Source

Upgrade Makefile because upstream change a lot

master
aeris 3 months ago
parent
commit
20add2fc40
  1. 79
      Makefile
  2. 62
      patches/ciphersuites.patch

79
Makefile

@ -1,36 +1,51 @@
RBENV_ROOT ?= ~/.rbenv
RBENV__VERSION := v1.1.2
RUBY_BUILD_VERSION = v20200401
ROOT_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
BUILD_DIR := $(ROOT_DIR)/build
OPENSSL_1_0_VERSION = 1.0.2j
OPENSSL_1_1_VERSION = 1.1.1g
export RBENV_ROOT ?= $(ROOT_DIR)/build/rbenv
RBENV_VERSION := v1.2.0
RUBY_BUILD_VERSION = v20220218
RUBY_1_0_VERSION = 2.3.8
RUBY_1_1_VERSION = 2.6.6
OPENSSL_1_0_VERSION := 1.0.2j
OPENSSL_1_1_VERSION := 1.1.1g
ROOT_DIR = $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
BUILD_DIR = $(ROOT_DIR)/build
RUBY_1_0_VERSION := 2.3.8
RUBY_1_1_VERSION := 2.6.6
LIBRARY_PATH_1_0 = $(BUILD_DIR)/openssl-$(OPENSSL_1_0_VERSION)
C_INCLUDE_PATH_1_0 = $(LIBRARY_PATH_1_0)/include
LIBRARY_PATH_1_1 = $(BUILD_DIR)/openssl-$(OPENSSL_1_1_VERSION)
C_INCLUDE_PATH_1_1 = $(LIBRARY_PATH_1_1)/include
LIBRARY_PATH_1_0 := $(BUILD_DIR)/openssl-$(OPENSSL_1_0_VERSION)/lib
C_INCLUDE_PATH_1_0 := $(BUILD_DIR)/openssl-$(OPENSSL_1_0_VERSION)/include
LIBRARY_PATH_1_1 := $(BUILD_DIR)/openssl-$(OPENSSL_1_1_VERSION)/lib
C_INCLUDE_PATH_1_1 := $(BUILD_DIR)/openssl-$(OPENSSL_1_1_VERSION)/include
MAKE_OPTS ?= -j $(shell nproc)
export CC := ccache gcc
export CXX := ccache g++
export RUBY_CONFIGURE_OPTS := --disable-install-doc
.SUFFIXES:
.SECONDARY:
.DEFAULT_GOAL := all
all:
$(MAKE) clean
$(MAKE) openssl
$(MAKE) rbenv
$(MAKE) ruby
$(MAKE) faketime
.PHONY: all
clean:
rm -rf build/
$(RBENV_ROOT)/:
git clone https://github.com/rbenv/rbenv/ "$@" -b "$(RBENV__VERSION)" --depth 1
git clone https://github.com/rbenv/rbenv/ "$@" -b "$(RBENV_VERSION)" --depth 1
$(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/
git clone https://github.com/rbenv/ruby-build/ "$@" -b "$(RUBY_BUILD_VERSION)" --depth 1
rbenv: | $(RBENV_ROOT)/plugins/ruby-build/
build/:
mkdir "$@"
mkdir -p "$@"
build/chacha-poly.patch: | build/
wget -q https://github.com/cloudflare/sslconfig/raw/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch -O "$@"
@ -38,32 +53,37 @@ build/chacha-poly.patch: | build/
build/openssl-%.tar.gz: | build/
wget -q "https://www.openssl.org/source/$(notdir $@)" -O "$@"
build/openssl-$(OPENSSL_1_0_VERSION)/: build/openssl-$(OPENSSL_1_0_VERSION).tar.gz build/chacha-poly.patch
tar -C build -xf "$<"
build/openssl-$(OPENSSL_1_0_VERSION)/src/: build/openssl-$(OPENSSL_1_0_VERSION).tar.gz build/chacha-poly.patch
mkdir -p "$@"
tar -C "$@" --strip-components=1 -xf "$<"
patch -d "$@" -p1 < build/chacha-poly.patch
for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done
build/openssl-$(OPENSSL_1_1_VERSION)/: build/openssl-$(OPENSSL_1_1_VERSION).tar.gz build/chacha-poly.patch
tar -C build -xf "$<"
build/openssl-$(OPENSSL_1_1_VERSION)/src/: build/openssl-$(OPENSSL_1_1_VERSION).tar.gz
mkdir -p "$@"
tar -C "$@" --strip-components=1 -xf "$<"
.ONESHELL:
build/openssl-%/Makefile: | build/openssl-%/
build/openssl-%/src/Makefile: | build/openssl-%/src/
cd "$(dir $@)"
./config --prefix=/usr --openssldir=/etc/ssl \
./config --prefix="$(BUILD_DIR)/openssl-$*" --openssldir="$(BUILD_DIR)/openssl-$*" \
enable-ssl2 enable-ssl3 enable-ssl3-method \
enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared
$(MAKE) $(MAKE_OPTS) depend
# $(MAKE) $(MAKE_OPTS) depend
build/openssl-%/libssl.so build/openssl-%/libcrypto.so: build/openssl-%/Makefile
build/openssl-%/src/libssl.so: build/openssl-%/src/Makefile
$(MAKE) -C "$(dir $<)" $(MAKE_OPTS)
openssl-1.0: build/openssl-$(OPENSSL_1_0_VERSION)/libssl.so build/openssl-$(OPENSSL_1_0_VERSION)/libcrypto.so
openssl-1.1: build/openssl-$(OPENSSL_1_1_VERSION)/libssl.so build/openssl-$(OPENSSL_1_1_VERSION)/libcrypto.so
build/openssl-%/lib/libssl.so: build/openssl-%/src/libssl.so
$(MAKE) -C "$(dir $<)" $(MAKE_OPTS) install
openssl-1.0: build/openssl-$(OPENSSL_1_0_VERSION)/lib/libssl.so
openssl-1.1: build/openssl-$(OPENSSL_1_1_VERSION)/lib/libssl.so
openssl: openssl-1.0 openssl-1.1
build/$(RUBY_1_0_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_0_VERSION)
build/$(RUBY_1_0_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_0_VERSION) | build/
cp "$<" "$@"
build/$(RUBY_1_1_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_1_VERSION)
build/$(RUBY_1_1_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_1_VERSION) | build/
cp "$<" "$@"
$(RBENV_ROOT)/versions/$(RUBY_1_0_VERSION)-cryptcheck: build/$(RUBY_1_0_VERSION)-cryptcheck openssl-1.0
@ -73,7 +93,8 @@ $(RBENV_ROOT)/versions/$(RUBY_1_0_VERSION)-cryptcheck: build/$(RUBY_1_0_VERSION)
LD_LIBRARY_PATH="$(LIBRARY_PATH_1_0)" \
RUBY_BUILD_CACHE_PATH="$(BUILD_DIR)" \
RUBY_BUILD_DEFINITIONS="$(BUILD_DIR)" \
MAKE_OPTS="$(MAKE_OPTS)" rbenv install -fp "$(notdir $@)"
MAKE_OPTS="$(MAKE_OPTS)" $(RBENV_ROOT)/bin/rbenv install -fp "$(notdir $@)"
wget https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem -O "$@/lib/ruby/2.3.0/rubygems/ssl_certs/GlobalSignRootCA_R3.pem"
$(RBENV_ROOT)/versions/$(RUBY_1_1_VERSION)-cryptcheck: build/$(RUBY_1_1_VERSION)-cryptcheck openssl-1.1
cat patches/ciphersuites.patch | \
LIBRARY_PATH="$(LIBRARY_PATH_1_1)" \
@ -81,7 +102,7 @@ $(RBENV_ROOT)/versions/$(RUBY_1_1_VERSION)-cryptcheck: build/$(RUBY_1_1_VERSION)
LD_LIBRARY_PATH="$(LIBRARY_PATH_1_1)" \
RUBY_BUILD_CACHE_PATH="$(BUILD_DIR)" \
RUBY_BUILD_DEFINITIONS="$(BUILD_DIR)" \
MAKE_OPTS="$(MAKE_OPTS)" rbenv install -fp "$(notdir $@)"
MAKE_OPTS="$(MAKE_OPTS)" $(RBENV_ROOT)/bin/rbenv install -fp "$(notdir $@)"
ruby-1.0: $(RBENV_ROOT)/versions/$(RUBY_1_0_VERSION)-cryptcheck
ruby-1.1: $(RBENV_ROOT)/versions/$(RUBY_1_1_VERSION)-cryptcheck
ruby: ruby-1.0 ruby-1.1

62
patches/ciphersuites.patch

@ -0,0 +1,62 @@
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7996f227b6..200e3c70ae 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1043,6 +1043,49 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return v;
}
+/*
+ * call-seq:
+ * ctx.ciphersuites = "cipher1:cipher2:..."
+ * ctx.ciphersuites = [name, ...]
+ * ctx.ciphersuites = [[name, version, bits, alg_bits], ...]
+ *
+ * Sets the list of available cipher suites for this context. Note in a server
+ * context some ciphers require the appropriate certificates. For example, an
+ * RSA cipher suite can only be chosen when an RSA certificate is available.
+ * This call is only suitable for TLSv1.3.
+ */
+static VALUE
+ossl_sslctx_set_ciphersuites(VALUE self, VALUE v)
+{
+ SSL_CTX *ctx;
+ VALUE str, elem;
+ int i;
+
+ rb_check_frozen(self);
+ if (NIL_P(v))
+ return v;
+ else if (RB_TYPE_P(v, T_ARRAY)) {
+ str = rb_str_new(0, 0);
+ for (i = 0; i < RARRAY_LEN(v); i++) {
+ elem = rb_ary_entry(v, i);
+ if (RB_TYPE_P(elem, T_ARRAY)) elem = rb_ary_entry(elem, 0);
+ elem = rb_String(elem);
+ rb_str_append(str, elem);
+ if (i < RARRAY_LEN(v)-1) rb_str_cat2(str, ":");
+ }
+ } else {
+ str = v;
+ StringValue(str);
+ }
+
+ GetSSLCTX(self, ctx);
+ if (!SSL_CTX_set_ciphersuites(ctx, StringValueCStr(str))) {
+ ossl_raise(eSSLError, "SSL_CTX_set_ciphersuites");
+ }
+
+ return v;
+}
+
#if !defined(OPENSSL_NO_EC)
/*
* call-seq:
@@ -2693,6 +2736,7 @@ Init_ossl_ssl(void)
ossl_sslctx_set_minmax_proto_version, 2);
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
+ rb_define_method(cSSLContext, "ciphersuites=", ossl_sslctx_set_ciphersuites, 1);
rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
Loading…
Cancel
Save