x509_trust.c: extend trust_compat() to allow for id-alg-noSignature a… #1840
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. | |
# | |
# Licensed under the Apache License 2.0 (the "License"). You may not use | |
# this file except in compliance with the License. You can obtain a copy | |
# in the file LICENSE in the source distribution or at | |
# https://www.openssl.org/source/license.html | |
name: Windows GitHub CI | |
on: [pull_request, push] | |
permissions: | |
contents: read | |
jobs: | |
shared: | |
# Run a job for each of the specified target architectures: | |
strategy: | |
matrix: | |
platform: | |
- arch: win64 | |
os: windows-2019 | |
config: enable-fips | |
- arch: win64 | |
os: windows-2022 | |
config: enable-fips no-thread-pool no-quic | |
- arch: win32 | |
os: windows-2022 | |
config: --strict-warnings no-fips | |
runs-on: ${{ github.server_url == 'https://github.com' && matrix.platform.os || format('{0}-self-hosted', matrix.platform.os) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- uses: ilammy/msvc-dev-cmd@v1 | |
with: | |
arch: ${{ matrix.platform.arch }} | |
- uses: ilammy/setup-nasm@v1 | |
with: | |
platform: ${{ matrix.platform.arch }} | |
- name: prepare the build directory | |
run: mkdir _build | |
- name: config | |
working-directory: _build | |
run: | | |
perl ..\Configure --banner=Configured no-makedepend -DOSSL_WINCTX=openssl ${{ matrix.platform.config }} | |
perl configdata.pm --dump | |
- name: build | |
working-directory: _build | |
run: nmake /S | |
- name: download coreinfo | |
uses: suisei-cn/[email protected] | |
with: | |
url: "https://download.sysinternals.com/files/Coreinfo.zip" | |
target: _build/coreinfo/ | |
- name: Gather openssl version info | |
working-directory: _build | |
run: | | |
apps/openssl.exe version -v | |
apps/openssl.exe version -v | %{($_ -split '\s+')[1]} | |
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'} | |
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append | |
- name: Set registry keys | |
working-directory: _build | |
run: | | |
echo ${Env:OSSL_VERSION} | |
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32 | |
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32 | |
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32 | |
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32 | |
- name: get cpu info | |
working-directory: _build | |
continue-on-error: true | |
run: | | |
7z.exe x coreinfo/Coreinfo.zip | |
./Coreinfo64.exe -accepteula -f | |
./apps/openssl.exe version -c | |
- name: Check platform symbol usage | |
working-directory: _build | |
run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll | |
- name: test | |
working-directory: _build | |
run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 | |
- name: install | |
# Run on 64 bit only as 32 bit is slow enough already | |
if: ${{ matrix.platform.arch == 'win64' }} | |
run: | | |
mkdir _dest | |
nmake install DESTDIR=_dest | |
working-directory: _build | |
plain: | |
strategy: | |
matrix: | |
os: | |
# Reducing CI footprint - windows-2019 | |
- windows-2022 | |
runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- uses: ilammy/msvc-dev-cmd@v1 | |
- name: prepare the build directory | |
run: mkdir _build | |
- name: config | |
working-directory: _build | |
run: | | |
perl ..\Configure --banner=Configured enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm | |
perl configdata.pm --dump | |
- name: build | |
working-directory: _build | |
run: nmake /S | |
- name: download coreinfo | |
uses: suisei-cn/[email protected] | |
with: | |
url: "https://download.sysinternals.com/files/Coreinfo.zip" | |
target: _build/coreinfo/ | |
- name: get cpu info | |
working-directory: _build | |
continue-on-error: true | |
run: | | |
7z.exe x coreinfo/Coreinfo.zip | |
./Coreinfo64.exe -accepteula -f | |
./apps/openssl.exe version -c | |
- name: test | |
working-directory: _build | |
run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4 | |
minimal: | |
strategy: | |
matrix: | |
os: | |
- windows-2019 | |
# Reducing CI footprint - windows-2022 | |
runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: checkout fuzz/corpora submodule | |
run: git submodule update --init --depth 1 fuzz/corpora | |
- uses: ilammy/msvc-dev-cmd@v1 | |
- name: prepare the build directory | |
run: mkdir _build | |
- name: config | |
working-directory: _build | |
run: | | |
perl ..\Configure --banner=Configured enable-demos no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT -DOSSL_WINCTX=openssl | |
perl configdata.pm --dump | |
- name: build | |
working-directory: _build | |
run: nmake # verbose, so no /S here | |
- name: download coreinfo | |
uses: suisei-cn/[email protected] | |
with: | |
url: "https://download.sysinternals.com/files/Coreinfo.zip" | |
target: _build/coreinfo/ | |
- name: get cpu info | |
working-directory: _build | |
continue-on-error: true | |
run: | | |
7z.exe x coreinfo/Coreinfo.zip | |
./Coreinfo64.exe -accepteula -f | |
./apps/openssl.exe version -c | |
- name: test | |
working-directory: _build | |
run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4 | |
cygwin: | |
# Run a job for each of the specified target architectures: | |
strategy: | |
matrix: | |
os: | |
- windows-2019 | |
# really worth while running, too? cygwin should mask this | |
# - windows-2022 | |
platform: | |
- arch: win64 | |
config: -DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips | |
# are we really learning sth new from win32? So let's save some CO2 for now disabling this | |
# - arch: win32 | |
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips | |
runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }} | |
env: | |
CYGWIN_NOWINPATH: 1 | |
SHELLOPTS: igncr | |
# Don't overwhelm github CI VMs: | |
MAKE_PARAMS: -j 4 | |
steps: | |
# Checkout before cygwin can mess with PATH... | |
- uses: actions/checkout@v4 | |
- uses: cygwin/cygwin-install-action@master | |
with: | |
packages: perl git make gcc-core | |
- name: Check repo | |
run: cygcheck -V | |
- name: Full cygcheck status | |
run: cygcheck -s -v -r -h | |
# Activate this if checkout action fails: | |
# - name: Clone repo | |
# run: bash -c "pwd && git clone --branch ${{ github.ref_name }} --depth 1 https://github.com/${{ github.repository }}.git" | |
- name: Full build | |
run: bash -c "gcc --version && ./config ${{ matrix.platform.config }} && make $MAKE_PARAMS" | |
# Disable testing for now. TBD: Need local cygwin installation to debug . | |
# - name: Run openssl tests | |
# run: bash -c "cd openssl && make V=1 test" |