diff --git a/.travis.yml b/.travis.yml index 4eb8d3e5ce..8eb5abd914 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,6 +29,10 @@ addons: - libunwind-dev - wget - libbrotli1 + - lsb-release + - wget + - gnupg + - ca-certificates cache: directories: @@ -42,13 +46,10 @@ env: - LUAJIT_LIB=$LUAJIT_PREFIX/lib - LUAJIT_INC=$LUAJIT_PREFIX/include/luajit-2.1 - LUA_INCLUDE_DIR=$LUAJIT_INC - - PCRE_PREFIX=/opt/pcre - - PCRE2_PREFIX=/opt/pcre2 + - PCRE_PREFIX=/usr/local/openresty/pcre2 - PCRE_LIB=$PCRE_PREFIX/lib - - PCRE2_LIB=$PCRE2_PREFIX/lib - PCRE_INC=$PCRE_PREFIX/include - - PCRE2_INC=$PCRE2_PREFIX/include - - OPENSSL_PREFIX=/opt/ssl + - OPENSSL_PREFIX=/usr/local/openresty/openssl3 - OPENSSL_LIB=$OPENSSL_PREFIX/lib - OPENSSL_INC=$OPENSSL_PREFIX/include - LIBDRIZZLE_PREFIX=/opt/drizzle @@ -59,14 +60,10 @@ env: - TEST_NGINX_SLEEP=0.006 - MALLOC_PERTURB_=9 jobs: - #- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f - #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1w TEST_NGINX_USE_HTTP2=1 - - NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f TEST_NGINX_TIMEOUT=5 PCRE_VER=8.45 - - NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.42 - - NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f TEST_NGINX_TIMEOUT=5 PCRE_VER=8.45 TEST_NGINX_USE_HTTP2=1 - - NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.42 TEST_NGINX_USE_HTTP2=1 - - NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.42 - - NGINX_VERSION=1.27.1 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.42 + - NGINX_VERSION=1.27.1 OPENSSL_VER=3.4.1 OPENSSL_PATCH_VER=3.4.1 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.45 + - NGINX_VERSION=1.27.1 OPENSSL_VER=3.4.1 OPENSSL_PATCH_VER=3.4.1 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.45 TEST_NGINX_USE_HTTP2=1 + - NGINX_VERSION=1.27.1 OPENSSL_VER=3.4.1 OPENSSL_PATCH_VER=3.4.1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.45 + - NGINX_VERSION=1.27.1 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.45 services: - memcached @@ -77,15 +74,16 @@ before_install: - '! grep -n -P ''(?<=.{80}).+'' --color `find src -name ''*.c''` `find . -name ''*.h''` || (echo "ERROR: Found C source lines exceeding 80 columns." > /dev/stderr; exit 1)' - '! grep -n -P ''\t+'' --color `find src -name ''*.c''` `find . -name ''*.h''` || (echo "ERROR: Cannot use tabs." > /dev/stderr; exit 1)' - /usr/bin/env perl $(command -v cpanm) --sudo --notest Test::Nginx IPC::Run > build.log 2>&1 || (cat build.log && exit 1) + - wget -O - https://openresty.org/package/pubkey.gpg | sudo apt-key add - + - echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/openresty.list + - sudo apt-get update + - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openresty-pcre2 openresty-openssl3 openresty-pcre2-dev openresty-openssl3-dev + install: - if [ ! -f download-cache/drizzle7-$DRIZZLE_VER.tar.gz ]; then wget -P download-cache https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/drizzle7-$DRIZZLE_VER.tar.gz; fi - #- if [ -n "$PCRE_VER" ] && [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi #- if [ -n "$PCRE2_VER" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi #- if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VER/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi - - if [ -n "$OPENSSL_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/openssl-${OPENSSL_VER}-x64-focal.tar.gz; fi - - if [ -n "$PCRE_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/pcre-${PCRE_VER}-x64-focal.tar.gz; fi - - if [ -n "$PCRE2_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/pcre2-${PCRE2_VER}-x64-focal.tar.gz; fi - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/boringssl-20230902-x64-focal.tar.gz - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz - git clone https://github.com/openresty/test-nginx.git @@ -137,13 +135,9 @@ script: - sudo make install-libdrizzle-1.0 > build.log 2>&1 || (cat build.log && exit 1) - cd ../mockeagain/ && make CC=$CC -j$JOBS && cd .. - cd lua-cjson/ && make -j$JOBS && sudo make install && cd .. - #- if [ -n "PCRE_VER" ]; then tar zxf download-cache/pcre-$PCRE_VER.tar.gz; cd pcre-$PCRE_VER/; ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi #- if [ -n "$PCRE2_VER" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi #- if [ -n "$OPENSSL_VER" ]; then tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz; cd openssl-$OPENSSL_VER/; patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; ./config shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX --libdir=lib -DPURIFY > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi - - if [ -n "$BORINGSSL" ]; then sudo mkdir -p /opt/ssl && sudo tar -C /opt/ssl -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi - - if [ -n "$OPENSSL_VER" ]; then sudo mkdir -p /opt/ssl && sudo tar -C /opt/ssl -xf openssl-$OPENSSL_VER-x64-focal.tar.gz --strip-components=2; fi - - if [ -n "$PCRE_VER" ]; then sudo mkdir -p $PCRE_PREFIX && sudo tar -C $PCRE_PREFIX -xf pcre-$PCRE_VER-x64-focal.tar.gz --strip-components=2; fi - - if [ -n "$PCRE2_VER" ]; then sudo mkdir -p $PCRE2_PREFIX && sudo tar -C $PCRE2_PREFIX -xf pcre2-$PCRE2_VER-x64-focal.tar.gz --strip-components=2; fi + - if [ -n "$BORINGSSL" ]; then sudo rm -fr /usr/local/openresty/openssl3/ && sudo tar -C /usr/local/openresty/openssl3 -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi - export NGX_BUILD_CC=$CC - sh util/build-without-ssl.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1) - sh util/build-with-dd.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1) @@ -160,4 +154,4 @@ script: - dig +short myip.opendns.com @resolver1.opendns.com || exit 0 - dig +short @$TEST_NGINX_RESOLVER openresty.org || exit 0 - dig +short @$TEST_NGINX_RESOLVER agentzh.org || exit 0 - - /usr/bin/env perl $(command -v prove) -I. -Itest-nginx/lib -r t/ + - /usr/bin/env perl $(command -v prove) -I. -Itest-nginx/inc -Itest-nginx/lib -r t/ diff --git a/t/143-ssl-session-fetch.t b/t/143-ssl-session-fetch.t index 8e09a52d64..8c7c156ede 100644 --- a/t/143-ssl-session-fetch.t +++ b/t/143-ssl-session-fetch.t @@ -142,7 +142,7 @@ ssl_session_fetch_by_lua\(nginx\.conf:25\):1: ssl fetch sess by lua is running!, server_tokens off; resolver $TEST_NGINX_RESOLVER ipv6=off; lua_ssl_trusted_certificate $TEST_NGINX_CERT_DIR/cert/test.crt; - lua_ssl_protocols TLSv1 TLSv1.1 TLSV1.2; + lua_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; location /t { set $port $TEST_NGINX_MEMCACHED_PORT; @@ -199,6 +199,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/, [error] [alert] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -388,6 +389,7 @@ qr/received memc reply: OK/s [alert] [error] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -635,6 +637,7 @@ qr/ssl_session_fetch_by_lua\*: sess get cb exit code: 0/s should never reached here [alert] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -804,6 +807,7 @@ ssl_session_fetch_by_lua*: sess get cb exit code: 0 should never reached here [alert] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -991,6 +995,7 @@ ssl store session by lua is running! [error] [alert] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -1399,6 +1404,7 @@ qr/elapsed in ssl_session_fetch_by_lua\*: 0\.(?:09|1[01])\d+,/, [error] [alert] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -1494,6 +1500,7 @@ close: 1 nil [alert] [error] [emerg] +--- skip_openssl: 6: > 1.1.1w @@ -1695,3 +1702,4 @@ uthread: failed to kill: already waited or killed [alert] [error] [emerg] +--- skip_openssl: 6: > 1.1.1w diff --git a/util/build-with-dd.sh b/util/build-with-dd.sh index a56a89119b..92ca6da328 100755 --- a/util/build-with-dd.sh +++ b/util/build-with-dd.sh @@ -12,30 +12,13 @@ force=$2 add_fake_shm_module="--add-module=$root/t/data/fake-shm-module" -add_http3_module=--with-http_v3_module -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` -if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then - add_http3_module="" -fi - -disable_pcre2=--without-pcre2 -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` -if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then - disable_pcre2="" -fi -if [ "$USE_PCRE2" = "Y" ]; then - PCRE_INC=$PCRE2_INC - PCRE_LIB=$PCRE2_LIB -fi - time ngx-build $force $version \ --with-threads \ --with-pcre-jit \ - $disable_pcre2 \ --with-ipv6 \ --with-cc-opt="-DNGX_LUA_USE_ASSERT -I$PCRE_INC -I$OPENSSL_INC -DDDEBUG=1" \ --with-http_v2_module \ - $add_http3_module \ + --with-http_v3_module \ --with-http_realip_module \ --with-http_ssl_module \ --add-module=$root/../ndk-nginx-module \ diff --git a/util/build-without-ssl.sh b/util/build-without-ssl.sh index 2a998e3c79..0bab08c8b6 100755 --- a/util/build-without-ssl.sh +++ b/util/build-without-ssl.sh @@ -10,34 +10,12 @@ version=${1:-1.4.1} home=~ force=$2 -# the ngx-build script is from https://github.com/agentzh/nginx-devel-utils - - #--add-module=$home/work/nginx_upload_module-2.2.0 \ - - #--without-pcre \ - #--without-http_rewrite_module \ - #--without-http_autoindex_module \ - #--with-cc=gcc46 \ - #--with-cc=clang \ - #--without-http_referer_module \ - #--with-http_spdy_module \ - add_fake_shm_module="--add-module=$root/t/data/fake-shm-module" -disable_pcre2=--without-pcre2 -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` -if [ "$answer" = "N" ] || [ -n "$PCRE2_VER" ]; then - disable_pcre2="" -fi -if [ -n "$PCRE2_VER" ]; then - PCRE_INC=$PCRE2_INC - PCRE_LIB=$PCRE2_LIB -fi - +rm -fr buildroot time ngx-build $force $version \ --with-threads \ --with-pcre-jit \ - $disable_pcre2 \ --with-ipv6 \ --with-cc-opt="-DNGX_LUA_USE_ASSERT -I$PCRE_INC" \ --with-http_v2_module \ diff --git a/util/build.sh b/util/build.sh index fdf5c4d53d..a901c03cd3 100755 --- a/util/build.sh +++ b/util/build.sh @@ -30,20 +30,11 @@ if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then add_http3_module="" fi -disable_pcre2=--without-pcre2 answer=`$root/util/ver-ge "$version" 1.25.1` -if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then - disable_pcre2="" -fi -if [ "$USE_PCRE2" = "Y" ]; then - PCRE_INC=$PCRE2_INC - PCRE_LIB=$PCRE2_LIB -fi time ngx-build $force $version \ --with-threads \ --with-pcre-jit \ - $disable_pcre2 \ --with-ipv6 \ --with-cc-opt="-DNGX_LUA_USE_ASSERT -I$PCRE_INC -I$OPENSSL_INC" \ --with-http_v2_module \