diff --git a/.github/workflows/http3-linux.yml b/.github/workflows/http3-linux.yml index 81c38ef4e4..6dbba202d0 100644 --- a/.github/workflows/http3-linux.yml +++ b/.github/workflows/http3-linux.yml @@ -37,6 +37,8 @@ env: CURL_TEST_MIN: 1600 # handled in renovate.json OPENSSL_VERSION: 3.6.1 + # manually bumped + OPENSSL4_VERSION: 4.0.0-beta1 # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com LIBRESSL_VERSION: 4.2.1 # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com @@ -73,6 +75,15 @@ jobs: path: ~/openssl/build key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} + - name: 'cache openssl4' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-openssl4-http3-no-deprecated + env: + cache-name: cache-openssl4-http3-no-deprecated + with: + path: ~/openssl4/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} + - name: 'cache libressl' uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 id: cache-libressl @@ -146,6 +157,15 @@ jobs: key: "${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-\ ${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}" + - name: 'cache ngtcp2 openssl4' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-ngtcp2-openssl4 + env: + cache-name: cache-ngtcp2-openssl4 + with: + path: ~/ngtcp2-openssl4/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }} + - name: 'cache ngtcp2 boringssl' uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 id: cache-ngtcp2-boringssl @@ -168,6 +188,7 @@ jobs: - id: settings if: >- ${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' || + steps.cache-openssl4-http3-no-deprecated.outputs.cache-hit != 'true' || steps.cache-libressl.outputs.cache-hit != 'true' || steps.cache-awslc.outputs.cache-hit != 'true' || steps.cache-boringssl.outputs.cache-hit != 'true' || @@ -176,6 +197,7 @@ jobs: steps.cache-wolfssl.outputs.cache-hit != 'true' || steps.cache-nghttp3.outputs.cache-hit != 'true' || steps.cache-ngtcp2.outputs.cache-hit != 'true' || + steps.cache-ngtcp2-openssl4.outputs.cache-hit != 'true' || steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' || steps.cache-nghttp2.outputs.cache-hit != 'true' }} @@ -206,6 +228,16 @@ jobs: make make -j1 install_sw + - name: 'build openssl4' + if: ${{ steps.cache-openssl4-http3-no-deprecated.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "openssl-${OPENSSL4_VERSION}" https://github.com/openssl/openssl openssl4 + cd openssl4 + ./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated + make + make -j1 install_sw + - name: 'build libressl' if: ${{ steps.cache-libressl.outputs.cache-hit != 'true' }} run: | @@ -317,6 +349,18 @@ jobs: BORINGSSL_CFLAGS='-I/home/runner/awslc/build/include' make install + - name: 'build ngtcp2 openssl4' + if: ${{ steps.cache-ngtcp2-openssl4.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 ngtcp2-openssl4 + cd ngtcp2-openssl4 + autoreconf -fi + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only \ + PKG_CONFIG_PATH=/home/runner/openssl4/build/lib/pkgconfig \ + --with-openssl + make install + - name: 'build ngtcp2 boringssl' if: ${{ steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' }} run: | @@ -376,6 +420,26 @@ jobs: -DCURL_DISABLE_LDAP=ON -DCMAKE_UNITY_BUILD=ON + - name: 'openssl4' + install_steps: skipall + LDFLAGS: -Wl,-rpath,/home/runner/openssl4/build/lib + PKG_CONFIG_PATH: "/home/runner/openssl4/build/lib/pkgconfig:\ + /home/runner/nghttp3/build/lib/pkgconfig:\ + /home/runner/nghttp2-openssl4/build/lib/pkgconfig" + configure: >- + --with-openssl=/home/runner/openssl4/build --with-ngtcp2=/home/runner/ngtcp2-openssl4/build --enable-ech --enable-ssls-export + + - name: 'openssl4' + tflags: '--min=1640' + PKG_CONFIG_PATH: "/home/runner/openssl4/build/lib/pkgconfig:\ + /home/runner/nghttp3/build/lib/pkgconfig:\ + /home/runner/ngtcp2-openssl4/build/lib/pkgconfig:\ + /home/runner/nghttp2/build/lib/pkgconfig" + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/openssl4/build -DUSE_NGTCP2=ON + -DCURL_DISABLE_LDAP=ON + -DUSE_ECH=ON + - name: 'libressl' install_steps: skipall LDFLAGS: -Wl,-rpath,/home/runner/libressl/build/lib @@ -509,6 +573,17 @@ jobs: key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} fail-on-cache-miss: true + - name: 'cache openssl4' + if: ${{ contains(matrix.build.name, 'openssl4') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-openssl4-http3-no-deprecated + env: + cache-name: cache-openssl4-http3-no-deprecated + with: + path: ~/openssl4/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} + fail-on-cache-miss: true + - name: 'cache libressl' if: ${{ contains(matrix.build.name, 'libressl') }} uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 @@ -596,6 +671,17 @@ jobs: ${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }}" fail-on-cache-miss: true + - name: 'cache ngtcp2 openssl4' + if: ${{ contains(matrix.build.name, 'openssl4') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-ngtcp2-openssl4 + env: + cache-name: cache-ngtcp2-openssl4 + with: + path: ~/ngtcp2-openssl4/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }} + fail-on-cache-miss: true + - name: 'cache ngtcp2 boringssl' if: ${{ contains(matrix.build.name, 'boringssl') }} uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3