CI: Test Themis with OpenSSL 3.0 #877
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ilammy
added
C-OpenSSL-3.0
Sure :))))) |
vixentael
approved these changes
Nov 15, 2021
ilammy
changed the base branch from
rebase-after-876-is-merged
to
openssl-3.0
First, that's a tad long command line. Set all these variables in environment instead of cramming them into make's command line. Second, I'm going to need that "build-openssl-3.0" directory for legit testing with OpenSSL. Use a different directory for this test -- which is about OpenSSL 3.0 build failing in absence of WITH_EXPERIMENTAL_OPENSSL_3_SUPPORT being set.
Let's test OpenSSL 3.0 builds where we can, making sure that they work. Note that OpenSSL 3.0 support is still experimental and requires special setup. Also, we still use deprecated APIs. In order to make the builds green, stop treating warnings as errors, but *don't* suppress them. Sometime they need to be fixed, not stay like that forever. While Themis can be built with OpenSSL 3.0 and apparently passes all the unit tests, it's still not fully supported. We don't know how compatible OpenSSL 1.1.1 is with OpenSSL 3.0 (or rather, how compatible is Themis use of them). Similarly, we have no provisions for building Themis packages linked against a specific version of OpenSSL. Currently, only macOS provides a sort of a system installation of OpenSSL 3.0. While we could build OpenSSL 3.0 on Linux for testing, I don't think we should be testing non-system setups extensively. Verifying this on macOS alone is good enough for the time being.
ilammy
force-pushed
the
openssl-3.0-build
branch
from
3e6a75c to
5339dc6
Compare
|
Rebased onto |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With #875 and #876, Soter and Themis test suites should now pass for OpenSSL 3.0.
Let's test OpenSSL 3.0 builds where we can, making sure that they work. Note that OpenSSL 3.0 support is still experimental and requires special setup. Also, we still use deprecated APIs. In order to make the builds green, stop treating warnings as errors, but don't suppress them. Sometime they need to be fixed, not stay like that forever.
While Themis can be built with OpenSSL 3.0 and apparently passes all the unit tests, it's still not fully supported. We don't know how compatible OpenSSL 1.1.1 is with OpenSSL 3.0 (or rather, how compatible is Themis use of them). Similarly, we have no provisions for building Themis packages linked against a specific version of OpenSSL.
Currently, only macOS provides a sort of a system installation of OpenSSL 3.0. While we could build OpenSSL 3.0 on Linux for testing, I don't think we should be testing non-system setups extensively. Verifying this on macOS alone is good enough for the time being.
Checklist
Changelog is updated(no need, ninja change)