From ff0772970362346baf48ffd53c2cb95ff3bc27ec Mon Sep 17 00:00:00 2001
From: MSP-Greg
Date: Sun, 14 Apr 2024 14:04:11 -0500
Subject: [PATCH 1/2] extconf.rb - add logging for OpenSSL versions
---
 ext/puma_http11/extconf.rb | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/ext/puma_http11/extconf.rb b/ext/puma_http11/extconf.rb
index 651d18bdef..22c7d4b5e3 100644
--- a/ext/puma_http11/extconf.rb
+++ b/ext/puma_http11/extconf.rb
@@ -16,7 +16,7 @@
 found_pkg_config = !has_openssl_dir && pkg_config('openssl')
 found_ssl = if !$mingw && found_pkg_config
- puts 'using OpenSSL pkgconfig (openssl.pc)'
+ puts '──── Using OpenSSL pkgconfig (openssl.pc) ────'
 true
 elsif have_library('libcrypto', 'BIO_read') && have_library('libssl', 'SSL_CTX_new')
 true
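Review bot: The new banner on the `puts` line of the `@@ -16,7 +16,7 @@` hunk emits U+2500 box-drawing characters, and every banner added in the `@@ -33,26 +33,31 @@` hunk of this patch does the same. The `$mingw` test on the line above shows Windows builds are in scope, and a console or captured build log that is not UTF-8 may render these rules as mojibake in the very output users paste when an OpenSSL build fails. ASCII keeps the banners readable and greppable everywhere, e.g. `puts '---- Using OpenSSL pkgconfig (openssl.pc) ----'`. The `found_ssl = if` expression continues past the end of the hunk.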
@@ -33,26 +33,31 @@
 ssl_h = "openssl/ssl.h".freeze
- # below is yes for 1.0.2 & later
+ puts "\n──── Below are yes for 1.0.2 & later ────"
 have_func "DTLS_method" , ssl_h
 have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", ssl_h
+ have_func "SSL_CTX_set_ecdh_auto(NULL, 0)" , ssl_h
- # below are yes for 1.1.0 & later
+ puts "\n──── Below are yes for 1.1.0 & later ────"
 have_func "TLS_server_method" , ssl_h
 have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , ssl_h
- # below are yes for 1.1.1 & later
- have_func "SSL_CTX_set_ciphersuites(NULL, \"\")" , ssl_h
-
+ puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 1.1.1 ────"
+ # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/crypto/x509/x509_lu.c#L220
 have_func "X509_STORE_up_ref"
- have_func "SSL_CTX_set_ecdh_auto(NULL, 0)" , ssl_h
- # below exists in 1.1.0 and later, but isn't documented until 3.0.0
+ puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 3.0.0 ────"
+ # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L1159
 have_func "SSL_CTX_set_dh_auto(NULL, 0)" , ssl_h
- # below is yes for 3.0.0 & later
+ puts "\n──── Below is yes for 1.1.1 & later ────"
+ have_func "SSL_CTX_set_ciphersuites(NULL, \"\")" , ssl_h
+
+ puts "\n──── Below is yes for 3.0.0 & later ────"
 have_func "SSL_get1_peer_certificate" , ssl_h
+ puts ''
+
 # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
 if Random.respond_to?(:bytes)
 $defs.push "-DHAVE_RANDOM_BYTES"
From e9bc4c3b63de9ce456caafc614173543068a7d0c Mon Sep 17 00:00:00 2001
From: MSP-Greg
Date: Mon, 15 Apr 2024 18:22:01 -0500
Subject: [PATCH 2/2] ext.conf.rb - remove unused 'have_func' calls
---
 ext/puma_http11/extconf.rb | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/ext/puma_http11/extconf.rb b/ext/puma_http11/extconf.rb
index 22c7d4b5e3..5748647f7f 100644
--- a/ext/puma_http11/extconf.rb
+++ b/ext/puma_http11/extconf.rb
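Review bot: The section banners added in the `@@ -33,26 +33,31 @@` hunk of patch 1/2 go through `puts`, so they reach stdout only, while mkmf also records each `have_func` result in `mkmf.log`. A reader auditing from the log file which TLS calls were detected (`SSL_CTX_set_min_proto_version`, `SSL_CTX_set_ciphersuites`, …) gets the yes/no answers without the version grouping. If the grouping is meant for diagnosis, mirror it into the log as well, e.g. `Logging.message "%s\n", banner` beside each `puts`. The banners also describe what upstream OpenSSL is expected to answer; a `no` can equally come from a failed probe or a different TLS library, so a wording like `expected yes for 1.1.0 & later` would be harder to misread. The enclosing block starts before the hunk and the `if Random.respond_to?(:bytes)` body runs past its end.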
@@ -36,16 +36,11 @@
 puts "\n──── Below are yes for 1.0.2 & later ────"
 have_func "DTLS_method" , ssl_h
 have_func "SSL_CTX_set_session_cache_mode(NULL, 0)", ssl_h
- have_func "SSL_CTX_set_ecdh_auto(NULL, 0)" , ssl_h
 puts "\n──── Below are yes for 1.1.0 & later ────"
 have_func "TLS_server_method" , ssl_h
 have_func "SSL_CTX_set_min_proto_version(NULL, 0)" , ssl_h
- puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 1.1.1 ────"
- # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/crypto/x509/x509_lu.c#L220
- have_func "X509_STORE_up_ref"
-
 puts "\n──── Below is yes for 1.1.0 and later, but isn't documented until 3.0.0 ────"
 # https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L1159
 have_func "SSL_CTX_set_dh_auto(NULL, 0)" , ssl_h