Merge pull request #300 from qzhuyan/dev/william/prepare-link-system-crypto

prepare link system crypto

Author: qzhuyan

.github/workflows/main.yml

@@ -93,6 +93,7 @@ jobs:
         openssl:
           - openssl3
           - openssl
+          - sys
         rebar3:
           - 3.23.0
         build_type:
@@ -115,15 +116,15 @@ jobs:
       - name: release build with debug log off
         env:
           CMAKE_BUILD_TYPE: ${{ matrix.build_type }}
-          QUIC_TLS: ${{ matrix.openssl }}
+          QUICER_TLS_VER: ${{ matrix.openssl }}
           QUIC_ENABLE_LOGGING: ${{ matrix.logging }}
         run: |
           echo "github ref: ${{ github.event.ref }}"
           echo "github ref: ${{ github.ref }}"
           sudo sysctl -w kernel.core_pattern=core
           ulimit -c unlimited
           export CMAKE_BUILD_TYPE
-          export QUIC_TLS
+          export QUICER_TLS_VER
           export QUIC_ENABLE_LOGGING
           if [ "${QUIC_ENABLE_LOGGING}" == "ON" ] ; then
             export QUIC_LOGGING_TYPE=lttng

.github/workflows/release.yaml

@@ -49,12 +49,12 @@ jobs:
       - name: build release
         if: startsWith(github.ref, 'refs/tags/')
         env:
-          QUIC_TLS: ${{ matrix.openssl }}
+          QUICER_TLS_VER: ${{ matrix.openssl }}
         run: |
           wget https://s3.amazonaws.com/rebar3/rebar3 && chmod +x rebar3
           sudo mv rebar3 /usr/local/bin/ && sudo chmod +x /usr/local/bin/rebar3
           erl -eval 'erlang:display(erlang:system_info(system_version)),halt()'
-          export QUIC_TLS
+          export QUICER_TLS_VER
           BUILD_RELEASE=1 make
 
       - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
@@ -65,7 +65,7 @@ jobs:
             _packages/*.gz
             _packages/*.gz.sha256
 
-  linux:
+  emqx-linux:
     strategy:
       fail-fast: false
       matrix:
@@ -75,6 +75,7 @@ jobs:
         openssl:
           - openssl3
           - openssl
+          - sys
         arch:
           - amd64
           - arm64
@@ -90,6 +91,9 @@ jobs:
           - amzn2
           - el9
           - el8
+        exclude:
+          - os: el9
+            openssl: sys
     runs-on: ubuntu-latest
 
     steps:
@@ -113,7 +117,7 @@ jobs:
         run: |
           IMAGE=ghcr.io/emqx/emqx-builder/5.3-13:1.15.7-${{ matrix.otp }}-${{ matrix.os }}
           docker run -i --rm -v $(pwd):/wd --workdir /wd --platform=linux/${{ matrix.arch }} \
-          -e BUILD_RELEASE=1 -e QUIC_TLS=${{ matrix.openssl }} \
+          -e BUILD_RELEASE=1 -e QUICER_TLS_VER=${{ matrix.openssl }} \
           $IMAGE bash -euc 'git config --global --add safe.directory /wd; make'
 
       - uses: actions/upload-artifact@v4
@@ -128,7 +132,7 @@ jobs:
     runs-on: ubuntu-latest
     needs:
       - mac
-      - linux
+      - emqx-linux
     if: startsWith(github.ref, 'refs/tags/')
     steps:
       - uses: actions/download-artifact@v4

CMakeLists.txt

@@ -35,14 +35,20 @@ else()
   set(CMAKE_BUILD_TYPE "RelWithDebInfo")
 endif()
 
-if (DEFINED ENV{QUICER_USE_OPENSSL3})
-  message(STATUS "Use openssl3")
-  set(QUIC_TLS "openssl3")
-endif()
+if (DEFINED ENV{QUICER_TLS_VER})
+  if ($ENV{QUICER_TLS_VER} STREQUAL "sys")
+    ## Link to sys libcrypto, auto openssl vsn
+    find_package(OpenSSL REQUIRED)
+    if ("${OPENSSL_VERSION}" MATCHES "3.*")
+      set(QUIC_TLS "openssl3" CACHE STRING "QUIC_TLS")
+    else()
+      set(QUIC_TLS "openssl" CACHE STRING "QUIC_TLS")
+    endif()
+    set(QUIC_USE_SYSTEM_LIBCRYPTO "ON")
+  else()
+    set(QUIC_TLS $ENV{QUICER_TLS_VER})
+  endif()
 
-if (DEFINED ENV{QUIC_USE_SYSTEM_LIBCRYPTO})
-  message(STATUS "Link to system libcrypto")
-  set(QUIC_USE_SYSTEM_LIBCRYPTO "ON")
 endif()
 
 if (DEFINED ENV{QUIC_ENABLE_LOGGING})

c_src/quicer_eterms.h

@@ -104,6 +104,7 @@ extern ERL_NIF_TERM ATOM_QUIC_STATUS_UNSUPPORTED_CERTIFICATE;
 extern ERL_NIF_TERM ATOM_QUIC_STATUS_REVOKED_CERTIFICATE;
 extern ERL_NIF_TERM ATOM_QUIC_STATUS_EXPIRED_CERTIFICATE;
 extern ERL_NIF_TERM ATOM_QUIC_STATUS_UNKNOWN_CERTIFICATE;
+extern ERL_NIF_TERM ATOM_QUIC_STATUS_REQUIRED_CERTIFICATE;
 extern ERL_NIF_TERM ATOM_QUIC_STATUS_CERT_EXPIRED;
 extern ERL_NIF_TERM ATOM_QUIC_STATUS_CERT_UNTRUSTED_ROOT;
 extern ERL_NIF_TERM ATOM_QUIC_STATUS_CERT_NO_CERT;

c_src/quicer_nif.c

@@ -127,6 +127,7 @@ ERL_NIF_TERM ATOM_QUIC_STATUS_UNSUPPORTED_CERTIFICATE;
 ERL_NIF_TERM ATOM_QUIC_STATUS_REVOKED_CERTIFICATE;
 ERL_NIF_TERM ATOM_QUIC_STATUS_EXPIRED_CERTIFICATE;
 ERL_NIF_TERM ATOM_QUIC_STATUS_UNKNOWN_CERTIFICATE;
+ERL_NIF_TERM ATOM_QUIC_STATUS_REQUIRED_CERTIFICATE;
 ERL_NIF_TERM ATOM_QUIC_STATUS_CERT_EXPIRED;
 ERL_NIF_TERM ATOM_QUIC_STATUS_CERT_UNTRUSTED_ROOT;
 ERL_NIF_TERM ATOM_QUIC_STATUS_CERT_NO_CERT;
@@ -502,6 +503,7 @@ ERL_NIF_TERM ATOM_QUIC_DATAGRAM_SEND_CANCELED;
   ATOM(ATOM_QUIC_STATUS_REVOKED_CERTIFICATE, revoked_certificate);            \
   ATOM(ATOM_QUIC_STATUS_EXPIRED_CERTIFICATE, expired_certificate);            \
   ATOM(ATOM_QUIC_STATUS_UNKNOWN_CERTIFICATE, unknown_certificate);            \
+  ATOM(ATOM_QUIC_STATUS_REQUIRED_CERTIFICATE, required_certificate);          \
   ATOM(ATOM_QUIC_STATUS_CERT_EXPIRED, cert_expired);                          \
   ATOM(ATOM_QUIC_STATUS_CERT_UNTRUSTED_ROOT, cert_untrusted_root);            \
   ATOM(ATOM_QUIC_STATUS_CERT_NO_CERT, cert_no_cert);                          \
@@ -1337,6 +1339,21 @@ atom_status(ErlNifEnv *env, QUIC_STATUS status)
     case QUIC_STATUS_STREAM_LIMIT_REACHED:
       eterm = ATOM_QUIC_STATUS_STREAM_LIMIT_REACHED;
       break;
+    case QUIC_STATUS_UNSUPPORTED_CERTIFICATE:
+      eterm = ATOM_QUIC_STATUS_UNSUPPORTED_CERTIFICATE;
+      break;
+    case QUIC_STATUS_REVOKED_CERTIFICATE:
+      eterm = ATOM_QUIC_STATUS_REVOKED_CERTIFICATE;
+      break;
+    case QUIC_STATUS_EXPIRED_CERTIFICATE:
+      eterm = ATOM_QUIC_STATUS_EXPIRED_CERTIFICATE;
+      break;
+    case QUIC_STATUS_UNKNOWN_CERTIFICATE:
+      eterm = ATOM_QUIC_STATUS_UNKNOWN_CERTIFICATE;
+      break;
+    case QUIC_STATUS_REQUIRED_CERTIFICATE:
+      eterm = ATOM_QUIC_STATUS_REQUIRED_CERTIFICATE;
+      break;
     case QUIC_STATUS_CERT_EXPIRED:
       eterm = ATOM_QUIC_STATUS_CERT_EXPIRED;
       break;

pkgname.sh

@@ -29,7 +29,7 @@ esac
 ARCH="$(uname -m)"
 VSN="$(git describe --tags --exact-match | head -1)"
 
-OPENSSL=${QUIC_TLS:-openssl}
+OPENSSL=${QUICER_TLS_VER:-openssl}
 
 if [ -z "$VSN" ]; then
     exit 0

test/prop_stateful_client_conn.erl

@@ -271,7 +271,7 @@ default_listen_opts() ->
 default_conn_opts() ->
     [
         {alpn, ["prop"]},
-        %% , {sslkeylogfile, "/tmp/SSLKEYLOGFILE"}
+        %%{sslkeylogfile, "/tmp/SSLKEYLOGFILE"},
         {verify, none},
         {idle_timeout_ms, 0},
         {cacertfile, "./msquic/submodules/openssl/test/certs/rootCA.pem"},

test/prop_stateful_server_conn.erl

@@ -353,7 +353,7 @@ default_listen_opts() ->
 default_conn_opts() ->
     [
         {alpn, ["prop"]},
-        %% , {sslkeylogfile, "/tmp/SSLKEYLOGFILE"}
+        %% {sslkeylogfile, "/tmp/SSLKEYLOGFILE"},
         {verify, none},
         {idle_timeout_ms, 5000},
         {cacertfile, "./msquic/submodules/openssl/test/certs/rootCA.pem"},

test/prop_stateful_stream.erl

@@ -323,7 +323,7 @@ default_listen_opts() ->
 default_conn_opts() ->
     [
         {alpn, ["prop"]},
-        %% , {sslkeylogfile, "/tmp/SSLKEYLOGFILE"}
+        %% {sslkeylogfile, "/tmp/SSLKEYLOGFILE"},
         {verify, none},
         {idle_timeout_ms, 0},
         {handshake_idle_timeout_ms, 10000},

test/quicer_SUITE.erl

@@ -2424,7 +2424,7 @@ tc_conn_opt_sslkeylogfile(Config) ->
     ),
     quicer:close_connection(Conn),
     timer:sleep(100),
-    {ok, #file_info{type = regular}} = file:read_file_info("SSLKEYLOGFILE").
+    {ok, #file_info{type = regular}} = file:read_file_info(TargetFName).
 
 tc_insecure_traffic(Config) ->
     Port = select_port(),