tests: bumped openssl to v3.4.1

.travis.yml

@@ -29,6 +29,10 @@ addons:
       - libunwind-dev
       - wget
       - libbrotli1
+      - lsb-release
+      - wget
+      - gnupg
+      - ca-certificates
 
 cache:
   directories:
@@ -42,13 +46,10 @@ env:
     - LUAJIT_LIB=$LUAJIT_PREFIX/lib
     - LUAJIT_INC=$LUAJIT_PREFIX/include/luajit-2.1
     - LUA_INCLUDE_DIR=$LUAJIT_INC
-    - PCRE_PREFIX=/opt/pcre
-    - PCRE2_PREFIX=/opt/pcre2
+    - PCRE_PREFIX=/usr/local/openresty/pcre2
     - PCRE_LIB=$PCRE_PREFIX/lib
-    - PCRE2_LIB=$PCRE2_PREFIX/lib
     - PCRE_INC=$PCRE_PREFIX/include
-    - PCRE2_INC=$PCRE2_PREFIX/include
-    - OPENSSL_PREFIX=/opt/ssl
+    - OPENSSL_PREFIX=/usr/local/openresty/openssl3
     - OPENSSL_LIB=$OPENSSL_PREFIX/lib
     - OPENSSL_INC=$OPENSSL_PREFIX/include
     - LIBDRIZZLE_PREFIX=/opt/drizzle
@@ -59,14 +60,10 @@ env:
     - TEST_NGINX_SLEEP=0.006
     - MALLOC_PERTURB_=9
   jobs:
-    #- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f
-    #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1w TEST_NGINX_USE_HTTP2=1
-    - NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f TEST_NGINX_TIMEOUT=5 PCRE_VER=8.45
-    - NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.42
-    - NGINX_VERSION=1.27.1 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f TEST_NGINX_TIMEOUT=5 PCRE_VER=8.45 TEST_NGINX_USE_HTTP2=1
-    - NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.42 TEST_NGINX_USE_HTTP2=1
-    - NGINX_VERSION=1.27.1 OPENSSL_VER=3.0.15 OPENSSL_PATCH_VER=3.0.15 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.42
-    - NGINX_VERSION=1.27.1 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.42
+    - NGINX_VERSION=1.27.1 OPENSSL_VER=3.4.1 OPENSSL_PATCH_VER=3.4.1 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.45
+    - NGINX_VERSION=1.27.1 OPENSSL_VER=3.4.1 OPENSSL_PATCH_VER=3.4.1 TEST_NGINX_TIMEOUT=5 PCRE2_VER=10.45 TEST_NGINX_USE_HTTP2=1
+    - NGINX_VERSION=1.27.1 OPENSSL_VER=3.4.1 OPENSSL_PATCH_VER=3.4.1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.45
+    - NGINX_VERSION=1.27.1 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 TEST_NGINX_QUIC_IDLE_TIMEOUT=3 PCRE2_VER=10.45
 
 services:
   - memcached
@@ -77,15 +74,16 @@ before_install:
   - '! grep -n -P ''(?<=.{80}).+'' --color `find src -name ''*.c''` `find . -name ''*.h''` || (echo "ERROR: Found C source lines exceeding 80 columns." > /dev/stderr; exit 1)'
   - '! grep -n -P ''\t+'' --color `find src -name ''*.c''` `find . -name ''*.h''` || (echo "ERROR: Cannot use tabs." > /dev/stderr; exit 1)'
   - /usr/bin/env perl $(command -v cpanm) --sudo --notest Test::Nginx IPC::Run > build.log 2>&1 || (cat build.log && exit 1)
+  - wget -O - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
+  - echo "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/openresty.list
+  - sudo apt-get update
+  - sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends openresty-pcre2 openresty-openssl3 openresty-pcre2-dev openresty-openssl3-dev
+
 
 install:
   - if [ ! -f download-cache/drizzle7-$DRIZZLE_VER.tar.gz ]; then wget -P download-cache https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/drizzle7-$DRIZZLE_VER.tar.gz; fi
-  #- if [ -n "$PCRE_VER" ] && [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre/${PCRE_VER}/pcre-${PCRE_VER}.tar.gz; fi
   #- if [ -n "$PCRE2_VER" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi
   #- if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VER/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
-  - if [ -n "$OPENSSL_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/openssl-${OPENSSL_VER}-x64-focal.tar.gz; fi
-  - if [ -n "$PCRE_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/pcre-${PCRE_VER}-x64-focal.tar.gz; fi
-  - if [ -n "$PCRE2_VER" ]; then wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v1.0.0/pcre2-${PCRE2_VER}-x64-focal.tar.gz; fi
   - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/boringssl-20230902-x64-focal.tar.gz
   - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz
   - git clone https://github.com/openresty/test-nginx.git
@@ -137,13 +135,9 @@ script:
   - sudo make install-libdrizzle-1.0 > build.log 2>&1 || (cat build.log && exit 1)
   - cd ../mockeagain/ && make CC=$CC -j$JOBS && cd ..
   - cd lua-cjson/ && make -j$JOBS && sudo make install && cd ..
-  #- if [ -n "PCRE_VER" ]; then tar zxf download-cache/pcre-$PCRE_VER.tar.gz; cd pcre-$PCRE_VER/; ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
   #- if [ -n "$PCRE2_VER" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
   #- if [ -n "$OPENSSL_VER" ]; then tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz; cd openssl-$OPENSSL_VER/; patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; ./config shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX --libdir=lib -DPURIFY > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
-  - if [ -n "$BORINGSSL" ]; then sudo mkdir -p /opt/ssl && sudo tar -C /opt/ssl -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi
-  - if [ -n "$OPENSSL_VER" ]; then sudo mkdir -p /opt/ssl && sudo tar -C /opt/ssl -xf openssl-$OPENSSL_VER-x64-focal.tar.gz --strip-components=2; fi
-  - if [ -n "$PCRE_VER" ]; then sudo mkdir -p $PCRE_PREFIX && sudo tar -C $PCRE_PREFIX -xf pcre-$PCRE_VER-x64-focal.tar.gz --strip-components=2; fi
-  - if [ -n "$PCRE2_VER" ]; then sudo mkdir -p $PCRE2_PREFIX && sudo tar -C $PCRE2_PREFIX -xf pcre2-$PCRE2_VER-x64-focal.tar.gz --strip-components=2; fi
+  - if [ -n "$BORINGSSL" ]; then sudo rm -fr /usr/local/openresty/openssl3/ && sudo tar -C /usr/local/openresty/openssl3 -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi
   - export NGX_BUILD_CC=$CC
   - sh util/build-without-ssl.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1)
   - sh util/build-with-dd.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1)
@@ -160,4 +154,4 @@ script:
   - dig +short myip.opendns.com @resolver1.opendns.com || exit 0
   - dig +short @$TEST_NGINX_RESOLVER openresty.org || exit 0
   - dig +short @$TEST_NGINX_RESOLVER agentzh.org || exit 0
-  - /usr/bin/env perl $(command -v prove) -I. -Itest-nginx/lib -r t/
+  - /usr/bin/env perl $(command -v prove) -I. -Itest-nginx/inc -Itest-nginx/lib -r t/

t/143-ssl-session-fetch.t

@@ -142,7 +142,7 @@ ssl_session_fetch_by_lua\(nginx\.conf:25\):1: ssl fetch sess by lua is running!,
     server_tokens off;
     resolver $TEST_NGINX_RESOLVER ipv6=off;
     lua_ssl_trusted_certificate $TEST_NGINX_CERT_DIR/cert/test.crt;
-    lua_ssl_protocols TLSv1 TLSv1.1 TLSV1.2;
+    lua_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
 
     location /t {
         set $port $TEST_NGINX_MEMCACHED_PORT;
@@ -199,6 +199,7 @@ qr/elapsed in ssl fetch session by lua: 0.(?:09|1[01])\d+,/,
 [error]
 [alert]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -388,6 +389,7 @@ qr/received memc reply: OK/s
 [alert]
 [error]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -635,6 +637,7 @@ qr/ssl_session_fetch_by_lua\*: sess get cb exit code: 0/s
 should never reached here
 [alert]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -804,6 +807,7 @@ ssl_session_fetch_by_lua*: sess get cb exit code: 0
 should never reached here
 [alert]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -991,6 +995,7 @@ ssl store session by lua is running!
 [error]
 [alert]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -1399,6 +1404,7 @@ qr/elapsed in ssl_session_fetch_by_lua\*: 0\.(?:09|1[01])\d+,/,
 [error]
 [alert]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -1494,6 +1500,7 @@ close: 1 nil
 [alert]
 [error]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w
 
 
 
@@ -1695,3 +1702,4 @@ uthread: failed to kill: already waited or killed
 [alert]
 [error]
 [emerg]
+--- skip_openssl: 6: > 1.1.1w

util/build-with-dd.sh

@@ -12,30 +12,13 @@ force=$2
 
 add_fake_shm_module="--add-module=$root/t/data/fake-shm-module"
 
-add_http3_module=--with-http_v3_module
-answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1`
-if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then
-    add_http3_module=""
-fi
-
-disable_pcre2=--without-pcre2
-answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1`
-if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then
-    disable_pcre2=""
-fi
-if [ "$USE_PCRE2" = "Y" ]; then
-    PCRE_INC=$PCRE2_INC
-    PCRE_LIB=$PCRE2_LIB
-fi
-
 time ngx-build $force $version \
             --with-threads \
             --with-pcre-jit \
-            $disable_pcre2 \
             --with-ipv6 \
             --with-cc-opt="-DNGX_LUA_USE_ASSERT -I$PCRE_INC -I$OPENSSL_INC -DDDEBUG=1" \
             --with-http_v2_module \
-            $add_http3_module \
+            --with-http_v3_module \
             --with-http_realip_module \
             --with-http_ssl_module \
             --add-module=$root/../ndk-nginx-module \

util/build-without-ssl.sh

@@ -10,34 +10,12 @@ version=${1:-1.4.1}
 home=~
 force=$2
 
-# the ngx-build script is from https://github.com/agentzh/nginx-devel-utils
-
-            #--add-module=$home/work/nginx_upload_module-2.2.0 \
-
-            #--without-pcre \
-            #--without-http_rewrite_module \
-            #--without-http_autoindex_module \
-            #--with-cc=gcc46 \
-            #--with-cc=clang \
-            #--without-http_referer_module \
-            #--with-http_spdy_module \
-
 add_fake_shm_module="--add-module=$root/t/data/fake-shm-module"
 
-disable_pcre2=--without-pcre2
-answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1`
-if [ "$answer" = "N" ] || [ -n "$PCRE2_VER" ]; then
-    disable_pcre2=""
-fi
-if [ -n "$PCRE2_VER" ]; then
-    PCRE_INC=$PCRE2_INC
-    PCRE_LIB=$PCRE2_LIB
-fi
-
+rm -fr buildroot
 time ngx-build $force $version \
             --with-threads \
             --with-pcre-jit \
-            $disable_pcre2 \
             --with-ipv6 \
             --with-cc-opt="-DNGX_LUA_USE_ASSERT -I$PCRE_INC" \
             --with-http_v2_module \

util/build.sh

@@ -30,20 +30,11 @@ if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then
     add_http3_module=""
 fi
 
-disable_pcre2=--without-pcre2
 answer=`$root/util/ver-ge "$version" 1.25.1`
-if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then
-    disable_pcre2=""
-fi
-if [ "$USE_PCRE2" = "Y" ]; then
-    PCRE_INC=$PCRE2_INC
-    PCRE_LIB=$PCRE2_LIB
-fi
 
 time ngx-build $force $version \
             --with-threads \
             --with-pcre-jit \
-            $disable_pcre2 \
             --with-ipv6 \
             --with-cc-opt="-DNGX_LUA_USE_ASSERT -I$PCRE_INC -I$OPENSSL_INC" \
             --with-http_v2_module \