Upgrade Makefile because upstream change a lot

master
aeris 1 year ago
parent 0ef72b7a4b
commit 20add2fc40
  1. 79
      Makefile
  2. 62
      patches/ciphersuites.patch

@ -1,36 +1,51 @@
RBENV_ROOT ?= ~/.rbenv
RBENV__VERSION := v1.1.2
RUBY_BUILD_VERSION = v20200401
ROOT_DIR := $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
BUILD_DIR := $(ROOT_DIR)/build
OPENSSL_1_0_VERSION = 1.0.2j
OPENSSL_1_1_VERSION = 1.1.1g
export RBENV_ROOT ?= $(ROOT_DIR)/build/rbenv
RBENV_VERSION := v1.2.0
RUBY_BUILD_VERSION = v20220218
RUBY_1_0_VERSION = 2.3.8
RUBY_1_1_VERSION = 2.6.6
OPENSSL_1_0_VERSION := 1.0.2j
OPENSSL_1_1_VERSION := 1.1.1g
ROOT_DIR = $(dir $(realpath $(firstword $(MAKEFILE_LIST))))
BUILD_DIR = $(ROOT_DIR)/build
RUBY_1_0_VERSION := 2.3.8
RUBY_1_1_VERSION := 2.6.6
LIBRARY_PATH_1_0 = $(BUILD_DIR)/openssl-$(OPENSSL_1_0_VERSION)
C_INCLUDE_PATH_1_0 = $(LIBRARY_PATH_1_0)/include
LIBRARY_PATH_1_1 = $(BUILD_DIR)/openssl-$(OPENSSL_1_1_VERSION)
C_INCLUDE_PATH_1_1 = $(LIBRARY_PATH_1_1)/include
LIBRARY_PATH_1_0 := $(BUILD_DIR)/openssl-$(OPENSSL_1_0_VERSION)/lib
C_INCLUDE_PATH_1_0 := $(BUILD_DIR)/openssl-$(OPENSSL_1_0_VERSION)/include
LIBRARY_PATH_1_1 := $(BUILD_DIR)/openssl-$(OPENSSL_1_1_VERSION)/lib
C_INCLUDE_PATH_1_1 := $(BUILD_DIR)/openssl-$(OPENSSL_1_1_VERSION)/include
MAKE_OPTS ?= -j $(shell nproc)
export CC := ccache gcc
export CXX := ccache g++
export RUBY_CONFIGURE_OPTS := --disable-install-doc
.SUFFIXES:
.SECONDARY:
.DEFAULT_GOAL := all
all:
$(MAKE) clean
$(MAKE) openssl
$(MAKE) rbenv
$(MAKE) ruby
$(MAKE) faketime
.PHONY: all
clean:
rm -rf build/
$(RBENV_ROOT)/:
git clone https://github.com/rbenv/rbenv/ "$@" -b "$(RBENV__VERSION)" --depth 1
git clone https://github.com/rbenv/rbenv/ "$@" -b "$(RBENV_VERSION)" --depth 1
$(RBENV_ROOT)/plugins/ruby-build/: | $(RBENV_ROOT)/
git clone https://github.com/rbenv/ruby-build/ "$@" -b "$(RUBY_BUILD_VERSION)" --depth 1
rbenv: | $(RBENV_ROOT)/plugins/ruby-build/
build/:
mkdir "$@"
mkdir -p "$@"
build/chacha-poly.patch: | build/
wget -q https://github.com/cloudflare/sslconfig/raw/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102j.patch -O "$@"
@ -38,32 +53,37 @@ build/chacha-poly.patch: | build/
build/openssl-%.tar.gz: | build/
wget -q "https://www.openssl.org/source/$(notdir $@)" -O "$@"
build/openssl-$(OPENSSL_1_0_VERSION)/: build/openssl-$(OPENSSL_1_0_VERSION).tar.gz build/chacha-poly.patch
tar -C build -xf "$<"
build/openssl-$(OPENSSL_1_0_VERSION)/src/: build/openssl-$(OPENSSL_1_0_VERSION).tar.gz build/chacha-poly.patch
mkdir -p "$@"
tar -C "$@" --strip-components=1 -xf "$<"
patch -d "$@" -p1 < build/chacha-poly.patch
for p in patches/openssl/*.patch; do patch -d "$@" -p1 < "$$p"; done
build/openssl-$(OPENSSL_1_1_VERSION)/: build/openssl-$(OPENSSL_1_1_VERSION).tar.gz build/chacha-poly.patch
tar -C build -xf "$<"
build/openssl-$(OPENSSL_1_1_VERSION)/src/: build/openssl-$(OPENSSL_1_1_VERSION).tar.gz
mkdir -p "$@"
tar -C "$@" --strip-components=1 -xf "$<"
.ONESHELL:
build/openssl-%/Makefile: | build/openssl-%/
build/openssl-%/src/Makefile: | build/openssl-%/src/
cd "$(dir $@)"
./config --prefix=/usr --openssldir=/etc/ssl \
./config --prefix="$(BUILD_DIR)/openssl-$*" --openssldir="$(BUILD_DIR)/openssl-$*" \
enable-ssl2 enable-ssl3 enable-ssl3-method \
enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-shared
$(MAKE) $(MAKE_OPTS) depend
# $(MAKE) $(MAKE_OPTS) depend
build/openssl-%/libssl.so build/openssl-%/libcrypto.so: build/openssl-%/Makefile
build/openssl-%/src/libssl.so: build/openssl-%/src/Makefile
$(MAKE) -C "$(dir $<)" $(MAKE_OPTS)
openssl-1.0: build/openssl-$(OPENSSL_1_0_VERSION)/libssl.so build/openssl-$(OPENSSL_1_0_VERSION)/libcrypto.so
openssl-1.1: build/openssl-$(OPENSSL_1_1_VERSION)/libssl.so build/openssl-$(OPENSSL_1_1_VERSION)/libcrypto.so
build/openssl-%/lib/libssl.so: build/openssl-%/src/libssl.so
$(MAKE) -C "$(dir $<)" $(MAKE_OPTS) install
openssl-1.0: build/openssl-$(OPENSSL_1_0_VERSION)/lib/libssl.so
openssl-1.1: build/openssl-$(OPENSSL_1_1_VERSION)/lib/libssl.so
openssl: openssl-1.0 openssl-1.1
build/$(RUBY_1_0_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_0_VERSION)
build/$(RUBY_1_0_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_0_VERSION) | build/
cp "$<" "$@"
build/$(RUBY_1_1_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_1_VERSION)
build/$(RUBY_1_1_VERSION)-cryptcheck: $(RBENV_ROOT)/plugins/ruby-build/share/ruby-build/$(RUBY_1_1_VERSION) | build/
cp "$<" "$@"
$(RBENV_ROOT)/versions/$(RUBY_1_0_VERSION)-cryptcheck: build/$(RUBY_1_0_VERSION)-cryptcheck openssl-1.0
@ -73,7 +93,8 @@ $(RBENV_ROOT)/versions/$(RUBY_1_0_VERSION)-cryptcheck: build/$(RUBY_1_0_VERSION)
LD_LIBRARY_PATH="$(LIBRARY_PATH_1_0)" \
RUBY_BUILD_CACHE_PATH="$(BUILD_DIR)" \
RUBY_BUILD_DEFINITIONS="$(BUILD_DIR)" \
MAKE_OPTS="$(MAKE_OPTS)" rbenv install -fp "$(notdir $@)"
MAKE_OPTS="$(MAKE_OPTS)" $(RBENV_ROOT)/bin/rbenv install -fp "$(notdir $@)"
wget https://raw.githubusercontent.com/rubygems/rubygems/master/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem -O "$@/lib/ruby/2.3.0/rubygems/ssl_certs/GlobalSignRootCA_R3.pem"
$(RBENV_ROOT)/versions/$(RUBY_1_1_VERSION)-cryptcheck: build/$(RUBY_1_1_VERSION)-cryptcheck openssl-1.1
cat patches/ciphersuites.patch | \
LIBRARY_PATH="$(LIBRARY_PATH_1_1)" \
@ -81,7 +102,7 @@ $(RBENV_ROOT)/versions/$(RUBY_1_1_VERSION)-cryptcheck: build/$(RUBY_1_1_VERSION)
LD_LIBRARY_PATH="$(LIBRARY_PATH_1_1)" \
RUBY_BUILD_CACHE_PATH="$(BUILD_DIR)" \
RUBY_BUILD_DEFINITIONS="$(BUILD_DIR)" \
MAKE_OPTS="$(MAKE_OPTS)" rbenv install -fp "$(notdir $@)"
MAKE_OPTS="$(MAKE_OPTS)" $(RBENV_ROOT)/bin/rbenv install -fp "$(notdir $@)"
ruby-1.0: $(RBENV_ROOT)/versions/$(RUBY_1_0_VERSION)-cryptcheck
ruby-1.1: $(RBENV_ROOT)/versions/$(RUBY_1_1_VERSION)-cryptcheck
ruby: ruby-1.0 ruby-1.1
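Review bot: The `wget` added to the `$(RUBY_1_0_VERSION)-cryptcheck` recipe writes `GlobalSignRootCA_R3.pem` into RubyGems' `ssl_certs` directory from a `master` URL with no integrity check, so whatever that ref serves at build time becomes a trusted root for gem downloads. Pin the URL to a fixed commit and verify the file before it is relied on, for example `echo "<expected-sha256>  <path-to-pem>" | sha256sum -c -` with the expected digest recorded in the Makefile. The `build/chacha-poly.patch` download (also from `master`) and the `build/openssl-%.tar.gz` download have the same shape and would benefit from the same check. If `.ONESHELL:` from the earlier hunk is still in effect and `.SHELLFLAGS` has no `-e`, the recipe's exit status is now that of `wget` rather than `rbenv install`, so a failed Ruby build could go unnoticed. The rule body starts outside the hunk, so that last point is inferred.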

@ -0,0 +1,62 @@
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 7996f227b6..200e3c70ae 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -1043,6 +1043,49 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
return v;
}
+/*
+ * call-seq:
+ * ctx.ciphersuites = "cipher1:cipher2:..."
+ * ctx.ciphersuites = [name, ...]
+ * ctx.ciphersuites = [[name, version, bits, alg_bits], ...]
+ *
+ * Sets the list of available cipher suites for this context. Note in a server
+ * context some ciphers require the appropriate certificates. For example, an
+ * RSA cipher suite can only be chosen when an RSA certificate is available.
+ * This call is only suitable for TLSv1.3.
+ */
+static VALUE
+ossl_sslctx_set_ciphersuites(VALUE self, VALUE v)
+{
+ SSL_CTX *ctx;
+ VALUE str, elem;
+ int i;
+
+ rb_check_frozen(self);
+ if (NIL_P(v))
+ return v;
+ else if (RB_TYPE_P(v, T_ARRAY)) {
+ str = rb_str_new(0, 0);
+ for (i = 0; i < RARRAY_LEN(v); i++) {
+ elem = rb_ary_entry(v, i);
+ if (RB_TYPE_P(elem, T_ARRAY)) elem = rb_ary_entry(elem, 0);
+ elem = rb_String(elem);
+ rb_str_append(str, elem);
+ if (i < RARRAY_LEN(v)-1) rb_str_cat2(str, ":");
+ }
+ } else {
+ str = v;
+ StringValue(str);
+ }
+
+ GetSSLCTX(self, ctx);
+ if (!SSL_CTX_set_ciphersuites(ctx, StringValueCStr(str))) {
+ ossl_raise(eSSLError, "SSL_CTX_set_ciphersuites");
+ }
+
+ return v;
+}
+
#if !defined(OPENSSL_NO_EC)
/*
* call-seq:
@@ -2693,6 +2736,7 @@ Init_ossl_ssl(void)
ossl_sslctx_set_minmax_proto_version, 2);
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
+ rb_define_method(cSSLContext, "ciphersuites=", ossl_sslctx_set_ciphersuites, 1);
rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
rb_define_method(cSSLContext, "security_level", ossl_sslctx_get_security_level, 0);
rb_define_method(cSSLContext, "security_level=", ossl_sslctx_set_security_level, 1);
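Review bot: `ossl_sslctx_set_ciphersuites` calls `SSL_CTX_set_ciphersuites` unconditionally, and OpenSSL provides that function only from 1.1.1 onward. The Makefile appears to pipe this patch only into the Ruby built against `OPENSSL_1_1_VERSION`, so it builds today, but wrapping the function and its `rb_define_method` line in `#if OPENSSL_VERSION_NUMBER >= 0x10101000L` … `#endif` would keep the patch safe if it is ever applied to the 1.0.2 build. The doc comment's sentence about RSA certificates looks carried over from `ciphers=`; TLS 1.3 suite names do not encode the certificate key type, so I would drop it and instead note that a `nil` argument returns without changing the context.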