From patchwork Fri Apr 17 11:09:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4895 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:22cd:b0:84a:48f:a1fd with SMTP id p13csp332478mag; Fri, 17 Apr 2026 04:10:23 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ+e9xVS/TQXVuJFv/Vr50wAhlBzNs2fO9iKb11TX2QRPjM77LshB/CnvkDyJ0O2UDnBM3tuZVZQJlI=@openvpn.net X-Received: by 2002:a05:6830:3694:b0:7d7:4b31:fc0a with SMTP id 46e09a7af769-7dc94d7f67dmr1626245a34.6.1776424223129; Fri, 17 Apr 2026 04:10:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1776424223; cv=none; d=google.com; s=arc-20240605; b=OXgi8KdhUpoTf6Hzu+pnaRjq7P0D/YLR2JZeyQSAdxgFaPHhiFrShWlAcGUFTT+Uhr fY/+Bmb0CPPiFagrTGmXIWnyUmA7pHtGj9daRdTHGAt54yYmos4pM8x394HRrHZvRQBu jYSZ5w9hxflC4va+byHEIl1irSSHSoGTj5OoXSzGzENmRD6IFNtqEWbOaSmCBOhiOIJ5 Oj3H8H9FPti5HwvTL4//zDDtlw7C3qPJ6BrPB+ECq5/vhA/zsAkPOMRQAOw/9XKOAex0 j8Mh/AEJyQs+7oiB3riC2cKTzQp3Mf1xcFuX6WKQCRtgMY7MQxd6RftCam/JGBYfQOUt rKmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=meoPsxpe8sBzVPB2wfwrx2QNDS9sqIdswt+LpJ++E0A=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=QF+Iz5WdfqKZH95AdlIzCahN2IhrdI4/bmiRmjubzF6PVgeCFM9JXxx7LxgTkahXTa vPPZ8/EOZb0+j9ybSUI+cLp/E8jm7LL6WJH/rIkMXuWPctFVYjLGSHnk2DrIq/JNYv12 rbEbDc0eM1wlzEd3MxrGUDKiz0hAeDQk100aJk0bosdsA39g+VKx//UXT7pL9wRrtZib X9l44ZjZIXDkLMLArRrEYPVoPnNJA4+1WmrM69vYADCHQFrRSzrnvmLs60rGoW0g+tXG VsmhErhRho564hxUKbpmyhd2RMJpryy9H9yiza3S1MxEufTA/i55f0k+LJHyRzPrRv8V 3avQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="XDPP/CYA"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="eIzU/Bwy"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=CgydYWkR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7dc97504e69si752368a34.4.2026.04.17.04.10.22 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Apr 2026 04:10:22 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="XDPP/CYA"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="eIzU/Bwy"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=CgydYWkR; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=meoPsxpe8sBzVPB2wfwrx2QNDS9sqIdswt+LpJ++E0A=; b=XDPP/CYAkpliAy6/4Q8IeFoZg9 R2OX92A25byEq3KK7oFnZ5uOaYo0dlMTYDOlzZ7AaWpDP7vspvKxajlSYSJq/euVIHIF4CcmvQrHc j79ppSY3P4I3O9/8sPSMrH3oyJAr93gUPY/yWn7Rp/7Ny7fQmBwUiHsj+e2Ys28CCAqg=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wDh5U-00043J-GE; Fri, 17 Apr 2026 11:10:17 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wDh5F-00041L-Lm for openvpn-devel@lists.sourceforge.net; Fri, 17 Apr 2026 11:10:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=TuCrXMS2hLzxhkjZvBEV6Kw/xhKXhfgTcrgLtyrA5pY=; b=eIzU/BwyggDLTlT9WVimSUrFCb qUfyHlCaNP62/vf9NAfuZahACKTKxguAAd9I/hX337euk88lF9qT/i/UdTPZnx9YbnKn2xAYl4ZEL jsK3LTgScsScuY307Pf/82NSC/q8rpS9/gVSNzbMpXUQH/WRgP/w79UTNmJixHuODQVU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=TuCrXMS2hLzxhkjZvBEV6Kw/xhKXhfgTcrgLtyrA5pY=; b=CgydYWkR29ZYP/cOcvo2/x0j/V 5glpzMfaEbf3M3CBtpuTm+NnCp1vgtGJd6vzNfbE+NZDUxEbyL4bxXbBNjNwhf9aXyh+28LPecOAy rdhiwW96enGmab2ubxkJpA8EERcrK5qXtqTKX8+kP0mEsNGHcNtX+77HzsfjSg8caK+o=; Received: from [193.149.48.129] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wDh58-0005fx-Iz for openvpn-devel@lists.sourceforge.net; Fri, 17 Apr 2026 11:09:55 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 63HB9gXg016553 for ; Fri, 17 Apr 2026 13:09:42 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 63HB9gcZ016552 for openvpn-devel@lists.sourceforge.net; Fri, 17 Apr 2026 13:09:42 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Fri, 17 Apr 2026 13:09:36 +0200 Message-ID: <20260417110942.16538-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe Change-Id: Ic9c993cb8dcfedfd6f99f416c286e0968eb45255 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1wDh58-0005fx-Iz Subject: [Openvpn-devel] [PATCH v3] GHA: Add OpenSSL 4.0 build X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1862715805851494128?= X-GMAIL-MSGID: =?utf-8?q?1862715805851494128?= From: Arne Schwabe Change-Id: Ic9c993cb8dcfedfd6f99f416c286e0968eb45255 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1601 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1601 This mail reflects revision 3 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 186662d..365e72a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -390,6 +390,87 @@ - name: make check run: make -j3 check VERBOSE=1 + openssl: + strategy: + fail-fast: false + matrix: + os: [ubuntu-24.04] + ssllib: [openssl] + build: [ normal, asan ] + configureflags: ["--with-openssl-engine=no"] + include: + - build: asan + cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1" + ldflags: -fsanitize=address -fno-sanitize-recover=all + cc: clang + - build: normal + cflags: "-O2 -g" + ldflags: "" + cc: gcc + + name: "${{matrix.cc}} ${{matrix.build}} - ${{matrix.os}} - ${{matrix.ssllib}} - 4.0" + runs-on: ${{matrix.os}} + env: + CFLAGS: ${{ matrix.cflags }} + LDFLAGS: ${{ matrix.ldflags }} + CC: ${{matrix.cc}} + UBSAN_OPTIONS: print_stacktrace=1 + # versioning=semver-coerced + OPENSSL_REPO: openssl/openssl + OPENSSL_VERSION: openssl-4.0.0-beta1 + OPENSSL_INSTALL: /opt/openssl + + steps: + - name: Install dependencies + run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev linux-libc-dev man2html clang libcmocka-dev python3-docutils libtool automake autoconf pkg-config libcap-ng-dev libnl-genl-3-dev + - name: Restore OpenSSL 4.0 from cache + uses: actions/cache@v5 + id: openssl-cache + with: + path: ${{ env.OPENSSL_INSTALL }} + key: ${{ matrix.os }}-openssl-${{matrix.build }}-${{ env.OPENSSL_VERSION }} + - name: "openssl: checkout" + if: steps.openssl-cache.outputs.cache-hit != 'true' + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + path: openssl + repository: ${{ env.OPENSSL_REPO }} + ref: ${{ env.OPENSSL_VERSION }} + - name: "openssl: configure" + if: steps.openssl-cache.outputs.cache-hit != 'true' + run: ./Configure --prefix=${{ env.OPENSSL_INSTALL }} --libdir=${{ env.OPENSSL_INSTALL }}/lib --openssldir=${{ env.OPENSSL_INSTALL }} -g + working-directory: openssl + - name: "openssl: make all" + if: steps.openssl-cache.outputs.cache-hit != 'true' + run: make -j3 + working-directory: openssl + - name: "openssl: make install" + if: steps.openssl-cache.outputs.cache-hit != 'true' + run: sudo make install + working-directory: openssl + - name: "ldconfig" + run: sudo ldconfig + - name: Checkout OpenVPN + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: autoconf + run: autoreconf -fvi + - name: configure + run: | + OPENSSL_CFLAGS="-I${{ env.OPENSSL_INSTALL }}/include" \ + OPENSSL_LIBS="-L${{ env.OPENSSL_INSTALL }}/lib -lssl -lcrypto" \ + LDFLAGS="-Wl,-rpath=${{ env.OPENSSL_INSTALL }}/lib" \ + ./configure --with-crypto-library=openssl --enable-werror ${{matrix.configureflags}} + - name: make all + run: make -j3 + - name: Ensure the build uses Openssl + run: | + ./src/openvpn/openvpn --version + ./src/openvpn/openvpn --version | grep -q "library versions: OpenSSL 4.0" + - name: configure checks + run: echo 'RUN_SUDO="sudo -E"' >tests/t_server_null.rc + - name: make check + run: make -j3 check VERBOSE=1 + mbedtls4: strategy: fail-fast: false