diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-27 00:38:38 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-27 11:15:15 +0900 |
| commit | 202ff1372a40a8adf9aac74bfe8a39141b0c57e5 (patch) | |
| tree | fd7ea362c48b244c9e74260428047fbae6007e0b | |
| parent | 57707fb354a28c86a32a4b989fbe53e88c6d2a93 (diff) | |
| download | ruby-openssl-202ff1372a40a8adf9aac74bfe8a39141b0c57e5.tar.gz | |
ext/openssl/extconf.rb: require OpenSSL version >= 1.0.1, < 3ky/maint-refuse-openssl-3.0
Ruby/OpenSSL 2.1.x and 2.2.x will not support OpenSSL 3.0 API. Let's
make extconf.rb explicitly check the version number to be within the
acceptable range, since it will not compile anyway.
Reference: https://bugs.ruby-lang.org/issues/18192
| -rw-r--r-- | ext/openssl/extconf.rb | 43 |
1 files changed, 25 insertions, 18 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index 264130bb..7e817ae2 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -37,9 +37,6 @@ if $mswin || $mingw have_library("ws2_32") end -Logging::message "=== Checking for required stuff... ===\n" -result = pkg_config("openssl") && have_header("openssl/ssl.h") - def find_openssl_library if $mswin || $mingw # required for static OpenSSL libraries @@ -90,19 +87,33 @@ def find_openssl_library return false end -unless result - unless find_openssl_library - Logging::message "=== Checking for required stuff failed. ===\n" - Logging::message "Makefile wasn't created. Fix the errors above.\n" - raise "OpenSSL library could not be found. You might want to use " \ - "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \ - "is installed." - end +Logging::message "=== Checking for required stuff... ===\n" +pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h") + +if !pkg_config_found && !find_openssl_library + Logging::message "=== Checking for required stuff failed. ===\n" + Logging::message "Makefile wasn't created. Fix the errors above.\n" + raise "OpenSSL library could not be found. You might want to use " \ + "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \ + "is installed." end -unless checking_for("OpenSSL version is 1.0.1 or later") { - try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") } - raise "OpenSSL >= 1.0.1 or LibreSSL is required" +version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") + is_libressl = true + checking_for("LibreSSL version >= 2.5.0") { + try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") } +else + checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") { + try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") && + !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") } +end +unless version_ok + raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required" +end + +# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h +if is_libressl && ($mswin || $mingw) + $defs.push("-DNOCRYPT") end Logging::message "=== Checking for OpenSSL features... ===\n" @@ -114,10 +125,6 @@ engines.each { |name| OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } -if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") - $defs.push("-DNOCRYPT") -end - # added in 1.0.2 have_func("EC_curve_nist2nid") have_func("X509_REVOKED_dup") |