romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-28 17:17:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

tidy-up: sort TLS backends, distros, alphabetically

Browse source 
Also:
- replace stray [Rr]ustls-ffi with Rustls for consistency.
- add AWS-LC to a couple of lists where missing.

Closes #21481
This commit is contained in:
Viktor Szakats 2026-05-01 13:25:49 +02:00
parent ed3cd8b046
commit 4815070794
No known key found for this signature in database
21 changed files with 345 additions and 345 deletions
Download patch file Download diff file Expand all files Collapse all files

378
.github/workflows/http3-linux.yml vendored
View file

@ -36,13 +36,6 @@ env:
CURL_CI: github
CURL_TEST_MIN: 1850
DO_NOT_TRACK: '1'
# renovate: datasource=github-releases depName=openssl/openssl versioning=semver extractVersion=^openssl-(?<version>.+)$ registryUrl=https://github.com
OPENSSL_VERSION: 4.0.0
# manually bumped
OPENSSL_PREV_VERSION: 3.6.2
OPENSSL_PREV_SHA256: aaf51a1fe064384f811daeaeb4ec4dce7340ec8bd893027eee676af31e83a04f
# renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com
LIBRESSL_VERSION: 4.3.1
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
AWSLC_VERSION: 1.73.0
# renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com
@ -51,6 +44,15 @@ env:
NETTLE_VERSION: 3.10.2
# renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver extractVersion=^nettle_?(?<version>.+)_release_.+$ registryUrl=https://github.com
GNUTLS_VERSION: 3.8.11
# renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com
LIBRESSL_VERSION: 4.3.1
# renovate: datasource=github-releases depName=openssl/openssl versioning=semver extractVersion=^openssl-(?<version>.+)$ registryUrl=https://github.com
OPENSSL_VERSION: 4.0.0
# manually bumped
OPENSSL_PREV_VERSION: 3.6.2
OPENSSL_PREV_SHA256: aaf51a1fe064384f811daeaeb4ec4dce7340ec8bd893027eee676af31e83a04f
# renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com
QUICHE_VERSION: 0.24.7
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
WOLFSSL_VERSION: 5.9.1
# renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com
@ -59,8 +61,6 @@ env:
NGTCP2_VERSION: 1.22.1
# renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
NGHTTP2_VERSION: 1.69.0
# renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com
QUICHE_VERSION: 0.24.7
jobs:
build-cache:
@ -68,33 +68,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: 'cache openssl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-http3-no-deprecated
env:
cache-name: cache-openssl-http3-no-deprecated
with:
path: ~/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
- name: 'cache openssl-prev'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-prev-http3-no-deprecated
env:
cache-name: cache-openssl-prev-http3-no-deprecated
with:
path: ~/openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_PREV_VERSION }}
- name: 'cache libressl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: ~/libressl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
- name: 'cache awslc'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-awslc
@ -131,6 +104,33 @@ jobs:
path: ~/gnutls/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.GNUTLS_VERSION }}-${{ env.NETTLE_VERSION }}
- name: 'cache libressl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: ~/libressl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
- name: 'cache openssl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-http3-no-deprecated
env:
cache-name: cache-openssl-http3-no-deprecated
with:
path: ~/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
- name: 'cache openssl-prev'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-prev-http3-no-deprecated
env:
cache-name: cache-openssl-prev-http3-no-deprecated
with:
path: ~/openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_PREV_VERSION }}
- name: 'cache wolfssl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-wolfssl
@ -159,15 +159,6 @@ jobs:
key: "${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-\
${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}"
- name: 'cache ngtcp2 openssl-prev'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-ngtcp2-openssl-prev
env:
cache-name: cache-ngtcp2-openssl-prev
with:
path: ~/ngtcp2-openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_PREV_VERSION }}
- name: 'cache ngtcp2 boringssl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-ngtcp2-boringssl
@ -177,6 +168,15 @@ jobs:
path: ~/ngtcp2-boringssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }}
- name: 'cache ngtcp2 openssl-prev'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-ngtcp2-openssl-prev
env:
cache-name: cache-ngtcp2-openssl-prev
with:
path: ~/ngtcp2-openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_PREV_VERSION }}
- name: 'cache nghttp2'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-nghttp2
@ -189,18 +189,18 @@ jobs:
- id: settings
if: >-
${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-openssl-prev-http3-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-libressl.outputs.cache-hit != 'true' ||
steps.cache-awslc.outputs.cache-hit != 'true' ||
${{ steps.cache-awslc.outputs.cache-hit != 'true' ||
steps.cache-boringssl.outputs.cache-hit != 'true' ||
steps.cache-nettle.outputs.cache-hit != 'true' ||
steps.cache-gnutls.outputs.cache-hit != 'true' ||
steps.cache-libressl.outputs.cache-hit != 'true' ||
steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-openssl-prev-http3-no-deprecated.outputs.cache-hit != 'true' ||
steps.cache-wolfssl.outputs.cache-hit != 'true' ||
steps.cache-nghttp3.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2-openssl-prev.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2-openssl-prev.outputs.cache-hit != 'true' ||
steps.cache-ngtcp2.outputs.cache-hit != 'true' ||
steps.cache-nghttp2.outputs.cache-hit != 'true' }}
run: echo 'needs-build=true' >> "$GITHUB_OUTPUT"
@ -221,40 +221,6 @@ jobs:
echo 'CC=gcc-12' >> "$GITHUB_ENV"
echo 'CXX=g++-12' >> "$GITHUB_ENV"
- name: 'build openssl'
if: ${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' }}
run: |
cd ~
git clone --quiet --depth 1 --branch "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl
cd openssl
./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated
make
make -j1 install_sw
- name: 'build openssl-prev'
if: ${{ steps.cache-openssl-prev-http3-no-deprecated.outputs.cache-hit != 'true' }}
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_PREV_VERSION}/openssl-${OPENSSL_PREV_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${OPENSSL_PREV_SHA256}" && tar -xzf pkg.bin && rm -f pkg.bin
cd "openssl-${OPENSSL_PREV_VERSION}"
./config --prefix=/home/runner/openssl-prev/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated
make
make -j1 install_sw
- name: 'build libressl'
if: ${{ steps.cache-libressl.outputs.cache-hit != 'true' }}
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl/build
cmake --build .
cmake --install .
- name: 'build awslc'
if: ${{ steps.cache-awslc.outputs.cache-hit != 'true' }}
run: |
@ -309,6 +275,40 @@ jobs:
--disable-guile --disable-doc --disable-tests --disable-tools
make install
- name: 'build libressl'
if: ${{ steps.cache-libressl.outputs.cache-hit != 'true' }}
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin
cd "libressl-${LIBRESSL_VERSION}"
cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl/build
cmake --build .
cmake --install .
- name: 'build openssl'
if: ${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' }}
run: |
cd ~
git clone --quiet --depth 1 --branch "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl
cd openssl
./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated
make
make -j1 install_sw
- name: 'build openssl-prev'
if: ${{ steps.cache-openssl-prev-http3-no-deprecated.outputs.cache-hit != 'true' }}
run: |
cd ~
curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
--location "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_PREV_VERSION}/openssl-${OPENSSL_PREV_VERSION}.tar.gz" --output pkg.bin
sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${OPENSSL_PREV_SHA256}" && tar -xzf pkg.bin && rm -f pkg.bin
cd "openssl-${OPENSSL_PREV_VERSION}"
./config --prefix=/home/runner/openssl-prev/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated
make
make -j1 install_sw
- name: 'build wolfssl'
if: ${{ steps.cache-wolfssl.outputs.cache-hit != 'true' }}
run: |
@ -412,57 +412,6 @@ jobs:
fail-fast: false
matrix:
build:
- name: 'openssl'
tflags: '--min=1700'
LDFLAGS: -Wl,-rpath,/home/runner/openssl/build/lib
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
--with-openssl=/home/runner/openssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ech --enable-ssls-export
- name: 'openssl'
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_NGTCP2=ON
-DCURL_DISABLE_LDAP=ON
-DUSE_ECH=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'openssl-prev'
install_steps: skipall
LDFLAGS: -Wl,-rpath,/home/runner/openssl-prev/build/lib
PKG_CONFIG_PATH: "\
/home/runner/openssl-prev/build/lib/pkgconfig:\
/home/runner/nghttp3/build/lib/pkgconfig:\
/home/runner/nghttp2-openssl-prev/build/lib/pkgconfig"
configure: >-
--with-openssl=/home/runner/openssl-prev/build --with-ngtcp2=/home/runner/ngtcp2-openssl-prev/build --enable-ssls-export
- name: 'openssl-prev'
tflags: '--min=1700'
PKG_CONFIG_PATH: "\
/home/runner/openssl-prev/build/lib/pkgconfig:\
/home/runner/nghttp3/build/lib/pkgconfig:\
/home/runner/ngtcp2-openssl-prev/build/lib/pkgconfig:\
/home/runner/nghttp2/build/lib/pkgconfig"
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl-prev/build -DUSE_NGTCP2=ON
-DCURL_DISABLE_LDAP=ON
- name: 'libressl'
install_steps: skipall
LDFLAGS: -Wl,-rpath,/home/runner/libressl/build/lib
PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
# Intentionally using '--with-ngtcp2=<path>' to test this way of configuration, in addition to bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' in other jobs.
configure: >-
--with-openssl=/home/runner/libressl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ssls-export
--enable-unity
- name: 'libressl'
PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/libressl/build -DUSE_NGTCP2=ON
- name: 'awslc'
install_steps: skipall
LDFLAGS: -Wl,-rpath,/home/runner/awslc/build/lib
@ -515,22 +464,56 @@ jobs:
-DCURL_USE_GNUTLS=ON -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'wolfssl'
install_packages: libssh2-1-dev
- name: 'libressl'
install_steps: skipall
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl/build/lib
PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
LDFLAGS: -Wl,-rpath,/home/runner/libressl/build/lib
PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
# Intentionally using '--with-ngtcp2=<path>' to test this way of configuration, in addition to bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' in other jobs.
configure: >-
--with-wolfssl=/home/runner/wolfssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ech --with-libssh2 --enable-ssls-export
--with-openssl=/home/runner/libressl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ssls-export
--enable-unity
- name: 'wolfssl'
install_packages: libssh2-1-dev
tflags: '--min=1900'
PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
- name: 'libressl'
PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON
-DOPENSSL_ROOT_DIR=/home/runner/libressl/build -DUSE_NGTCP2=ON
- name: 'openssl'
tflags: '--min=1700'
LDFLAGS: -Wl,-rpath,/home/runner/openssl/build/lib
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
--with-openssl=/home/runner/openssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ech --enable-ssls-export
- name: 'openssl'
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_NGTCP2=ON
-DCURL_DISABLE_LDAP=ON
-DUSE_ECH=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'openssl-prev'
install_steps: skipall
LDFLAGS: -Wl,-rpath,/home/runner/openssl-prev/build/lib
PKG_CONFIG_PATH: "\
/home/runner/openssl-prev/build/lib/pkgconfig:\
/home/runner/nghttp3/build/lib/pkgconfig:\
/home/runner/nghttp2-openssl-prev/build/lib/pkgconfig"
configure: >-
--with-openssl=/home/runner/openssl-prev/build --with-ngtcp2=/home/runner/ngtcp2-openssl-prev/build --enable-ssls-export
- name: 'openssl-prev'
tflags: '--min=1700'
PKG_CONFIG_PATH: "\
/home/runner/openssl-prev/build/lib/pkgconfig:\
/home/runner/nghttp3/build/lib/pkgconfig:\
/home/runner/ngtcp2-openssl-prev/build/lib/pkgconfig:\
/home/runner/nghttp2/build/lib/pkgconfig"
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl-prev/build -DUSE_NGTCP2=ON
-DCURL_DISABLE_LDAP=ON
- name: 'quiche'
install_steps: skipall
@ -549,6 +532,23 @@ jobs:
-DUSE_QUICHE=ON
-DCURL_CA_FALLBACK=ON
- name: 'wolfssl'
install_packages: libssh2-1-dev
install_steps: skipall
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl/build/lib
PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
configure: >-
--with-wolfssl=/home/runner/wolfssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ech --with-libssh2 --enable-ssls-export
--enable-unity
- name: 'wolfssl'
install_packages: libssh2-1-dev
tflags: '--min=1900'
PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON
-DUSE_ECH=ON
steps:
- name: 'install prereqs'
timeout-minutes: 2
@ -570,38 +570,6 @@ jobs:
echo 'CC=gcc-12' >> "$GITHUB_ENV"
echo 'CXX=g++-12' >> "$GITHUB_ENV"
- name: 'cache openssl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-http3-no-deprecated
env:
cache-name: cache-openssl-http3-no-deprecated
with:
path: ~/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache openssl-prev'
if: ${{ contains(matrix.build.name, 'openssl-prev') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-prev-http3-no-deprecated
env:
cache-name: cache-openssl-prev-http3-no-deprecated
with:
path: ~/openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_PREV_VERSION }}
fail-on-cache-miss: true
- name: 'cache libressl'
if: ${{ contains(matrix.build.name, 'libressl') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: ~/libressl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache awslc'
if: ${{ contains(matrix.build.name, 'awslc') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@ -646,6 +614,38 @@ jobs:
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.GNUTLS_VERSION }}-${{ env.NETTLE_VERSION }}
fail-on-cache-miss: true
- name: 'cache libressl'
if: ${{ contains(matrix.build.name, 'libressl') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-libressl
env:
cache-name: cache-libressl
with:
path: ~/libressl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache openssl'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-http3-no-deprecated
env:
cache-name: cache-openssl-http3-no-deprecated
with:
path: ~/openssl/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache openssl-prev'
if: ${{ contains(matrix.build.name, 'openssl-prev') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-openssl-prev-http3-no-deprecated
env:
cache-name: cache-openssl-prev-http3-no-deprecated
with:
path: ~/openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_PREV_VERSION }}
fail-on-cache-miss: true
- name: 'cache wolfssl'
if: ${{ contains(matrix.build.name, 'wolfssl') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@ -678,17 +678,6 @@ jobs:
${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}"
fail-on-cache-miss: true
- name: 'cache ngtcp2 openssl-prev'
if: ${{ contains(matrix.build.name, 'openssl-prev') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-ngtcp2-openssl-prev
env:
cache-name: cache-ngtcp2-openssl-prev
with:
path: ~/ngtcp2-openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_PREV_VERSION }}
fail-on-cache-miss: true
- name: 'cache ngtcp2 boringssl'
if: ${{ contains(matrix.build.name, 'boringssl') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@ -700,6 +689,17 @@ jobs:
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }}
fail-on-cache-miss: true
- name: 'cache ngtcp2 openssl-prev'
if: ${{ contains(matrix.build.name, 'openssl-prev') }}
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-ngtcp2-openssl-prev
env:
cache-name: cache-ngtcp2-openssl-prev
with:
path: ~/ngtcp2-openssl-prev/build
key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_PREV_VERSION }}
fail-on-cache-miss: true
- name: 'cache nghttp2'
uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
id: cache-nghttp2

146
.github/workflows/linux.yml vendored
View file

@ -34,29 +34,29 @@ env:
CURL_CI: github
CURL_TEST_MIN: 1660
DO_NOT_TRACK: '1'
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
AWSLC_VERSION: 1.73.0
# renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com
BORINGSSL_VERSION: 0.20260508.0
# renovate: datasource=github-releases depName=pizlonator/fil-c versioning=semver-coerced registryUrl=https://github.com
FIL_C_VERSION: 0.678
# renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com
LIBRESSL_VERSION: 4.3.1
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
WOLFSSL_VERSION: 5.9.1
# renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com
MBEDTLS_VERSION: 4.0.0
# manually bumped
MBEDTLS_PREV_VERSION: 3.6.5
MBEDTLS_PREV_SHA256: 4a11f1777bb95bf4ad96721cac945a26e04bf19f57d905f241fe77ebeddf46d8
# renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
AWSLC_VERSION: 1.73.0
# renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com
BORINGSSL_VERSION: 0.20260508.0
# renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
NGHTTP2_VERSION: 1.69.0
# handled in renovate.json
OPENLDAP_VERSION: 2.6.10
# renovate: datasource=github-releases depName=openssl/openssl versioning=semver extractVersion=^openssl-(?<version>.+)$ registryUrl=https://github.com
OPENSSL_VERSION: 4.0.0
# renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com
RUSTLS_VERSION: 0.15.3
# handled in renovate.json
OPENLDAP_VERSION: 2.6.10
# renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
NGHTTP2_VERSION: 1.69.0
# renovate: datasource=github-releases depName=pizlonator/fil-c versioning=semver-coerced registryUrl=https://github.com
FIL_C_VERSION: 0.678
# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?<version>.+)-stable$ registryUrl=https://github.com
WOLFSSL_VERSION: 5.9.1
jobs:
linux:
@ -72,6 +72,20 @@ jobs:
fail-fast: false
matrix:
build:
- name: 'awslc'
install_steps: awslc pytest
LDFLAGS: -Wl,-rpath,/home/runner/awslc/lib
configure: --with-openssl=/home/runner/awslc --enable-ech --enable-ntlm
- name: 'awslc'
install_packages: libidn2-dev
install_steps: awslc
generate: -DOPENSSL_ROOT_DIR=/home/runner/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF -DCURL_DROP_UNUSED=ON -DCURL_PATCHSTAMP=test-patch -DCURL_ENABLE_NTLM=ON
- name: 'boringssl'
install_steps: boringssl pytest
generate: -DOPENSSL_ROOT_DIR=/home/runner/boringssl -DUSE_ECH=ON -DCURL_ENABLE_NTLM=ON
- name: 'libressl krb5'
image: ubuntu-24.04-arm
install_packages: libidn2-dev libnghttp2-dev libldap-dev libkrb5-dev
@ -101,27 +115,17 @@ jobs:
LDFLAGS: -Wl,-rpath,/home/runner/libressl/lib
configure: --with-openssl=/home/runner/libressl --enable-debug
- name: 'wolfssl-all'
image: ubuntu-24.04-arm
install_steps: wolfssl-all-arm
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-all/lib
configure: --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug
- name: 'wolfssl-opensslextra valgrind 1'
image: ubuntu-24.04-arm
install_packages: valgrind
install_steps: wolfssl-opensslextra-arm
tflags: '--min=815 1 to 1000'
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib
configure: --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug
- name: 'wolfssl-opensslextra valgrind 2'
image: ubuntu-24.04-arm
install_packages: valgrind
install_steps: wolfssl-opensslextra-arm
tflags: '--min=835 1001 to 9999'
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib
configure: --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug
- name: 'libressl Fil-C'
install_steps: filc libressl-filc nghttp2-filc pytest
tflags: '!776' # adds 1-9 minutes to the test run step, and fails consistently
CC: /home/runner/filc/build/bin/filcc
PKG_CONFIG_PATH: /home/runner/nghttp2/lib/pkgconfig
generate: >-
-DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
-DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_LIBPSL=OFF
-DCURL_ZLIB=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
-DCURL_DISABLE_LDAP=ON -DUSE_LIBIDN2=OFF -DCURL_USE_LIBSSH2=OFF
-DCURL_ENABLE_NTLM=ON
- name: 'mbedtls gss valgrind 1'
image: ubuntu-24.04-arm
@ -167,19 +171,44 @@ jobs:
-DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF
-DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON
- name: 'awslc'
install_steps: awslc pytest
LDFLAGS: -Wl,-rpath,/home/runner/awslc/lib
configure: --with-openssl=/home/runner/awslc --enable-ech --enable-ntlm
- name: 'rustls valgrind 1'
install_packages: libnghttp2-dev libldap-dev valgrind
install_steps: rust rustls
tflags: '--min=820 1 to 1000'
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
- name: 'awslc'
install_packages: libidn2-dev
install_steps: awslc
generate: -DOPENSSL_ROOT_DIR=/home/runner/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF -DCURL_DROP_UNUSED=ON -DCURL_PATCHSTAMP=test-patch -DCURL_ENABLE_NTLM=ON
- name: 'rustls valgrind 2'
install_packages: libnghttp2-dev libldap-dev valgrind
install_steps: rust rustls
tflags: '--min=830 1001 to 9999'
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
- name: 'boringssl'
install_steps: boringssl pytest
generate: -DOPENSSL_ROOT_DIR=/home/runner/boringssl -DUSE_ECH=ON -DCURL_ENABLE_NTLM=ON
- name: 'rustls'
install_packages: libnghttp2-dev libldap-dev
install_steps: rust rustls skiprun pytest
configure: --with-rustls --enable-ech --enable-debug
- name: 'wolfssl-all'
image: ubuntu-24.04-arm
install_steps: wolfssl-all-arm
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-all/lib
configure: --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug
- name: 'wolfssl-opensslextra valgrind 1'
image: ubuntu-24.04-arm
install_packages: valgrind
install_steps: wolfssl-opensslextra-arm
tflags: '--min=815 1 to 1000'
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib
configure: --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug
- name: 'wolfssl-opensslextra valgrind 2'
image: ubuntu-24.04-arm
install_packages: valgrind
install_steps: wolfssl-opensslextra-arm
tflags: '--min=835 1001 to 9999'
LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib
configure: --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug
- name: 'openssl default'
install_steps: pytest
@ -287,18 +316,6 @@ jobs:
tflags: '--min=500'
configure: --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity
- name: 'libressl Fil-C'
install_steps: filc libressl-filc nghttp2-filc pytest
tflags: '!776' # adds 1-9 minutes to the test run step, and fails consistently
CC: /home/runner/filc/build/bin/filcc
PKG_CONFIG_PATH: /home/runner/nghttp2/lib/pkgconfig
generate: >-
-DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
-DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_LIBPSL=OFF
-DCURL_ZLIB=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
-DCURL_DISABLE_LDAP=ON -DUSE_LIBIDN2=OFF -DCURL_USE_LIBSSH2=OFF
-DCURL_ENABLE_NTLM=ON
- name: 'clang-tidy'
install_packages: clang-20 clang-tidy-20 libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libkrb5-dev libgnutls28-dev
install_steps: skiprun mbedtls-latest-intel rustls wolfssl-opensslextra-intel
@ -412,23 +429,6 @@ jobs:
configure: --enable-debug --enable-static --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
tflags: '-n --test-duphandle'
- name: 'rustls valgrind 1'
install_packages: libnghttp2-dev libldap-dev valgrind
install_steps: rust rustls
tflags: '--min=820 1 to 1000'
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
- name: 'rustls valgrind 2'
install_packages: libnghttp2-dev libldap-dev valgrind
install_steps: rust rustls
tflags: '--min=830 1001 to 9999'
generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON
- name: 'rustls'
install_packages: libnghttp2-dev libldap-dev
install_steps: rust rustls skiprun pytest
configure: --with-rustls --enable-ech --enable-debug
- name: 'IntelC openssl'
install_packages: libssl-dev
install_steps: intelc