mirror of
https://github.com/servo/servo.git
synced 2025-08-06 14:10:11 +01:00
Auto merge of #25736 - Darkspirit:ossl, r=jdm
Add OpenSSL 1.1.1 build check, Update HSTS Preload list
* This variant also works with cross-compilation. PR should fail in CI on Android at first:
The net crate successfully compiled after switching to OpenSSL 1.1.1 on Android. It seemed openssl.sh doesn't need any changes.(?)
* Updated HSTS preload list and public suffix list.
* Configured OpenSSL [SECLEVEL=2](https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html) like [Debian](https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1) Stable:
> As a result RSA, DSA and DH keys shorter than [2048 bits](16a5a9bb78/docs/BR.md (6153-subscriber-certificates)
) and ECC keys shorter than 224 bits are prohibited.
* Although all other crates compile I generally get a `libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8` error on simpleservo_jniapi, I guess Debian Testing is too new and I just haven't found the right steps so far.
./mach build -d --android
```
= note: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/lib/gcc/arm-linux-androideabi/4.9.x/../../../../arm-linux-androideabi/bin/ld.gold: error: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/deps/libscript-fe019dd3e0a4e06d.rlib: bad extended name index at 8
clang: error: linker command failed with exit code 1 (use -v to see invocation)
toolchain: /home/darkspirit/github/servo/android-toolchains/ndk/toolchains/llvm/prebuilt/linux-x86_64/bin
libs dir: /home/darkspirit/github/servo/android-toolchains/ndk/sources/cxx-stl/llvm-libc++/libs/armeabi-v7a
sysroot: /home/darkspirit/github/servo/android-toolchains/ndk/platforms/android-21/arch-arm
targetdir: /home/darkspirit/github/servo/target/android/armv7-linux-androideabi/debug/build/simpleservo_jniapi-26ef18debb5b3630/out/../../..
```
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #25708, fix #25619.
This commit is contained in:
commit
cdd5dc17aa
8 changed files with 33831 additions and 15333 deletions
|
@ -6,6 +6,7 @@ license = "MPL-2.0"
|
|||
edition = "2018"
|
||||
publish = false
|
||||
autotests = false # Inhibit lookup for tests/*.rs without [[test]] sections
|
||||
build = "build.rs"
|
||||
|
||||
[lib]
|
||||
name = "net"
|
||||
|
@ -43,6 +44,7 @@ mime_guess = "2.0.0-alpha.6"
|
|||
msg = {path = "../msg"}
|
||||
net_traits = {path = "../net_traits"}
|
||||
openssl = "0.10"
|
||||
openssl-sys = "0.9"
|
||||
percent-encoding = "2.0"
|
||||
pixels = {path = "../pixels"}
|
||||
profile_traits = {path = "../profile_traits"}
|
||||
|
|
16
components/net/build.rs
Normal file
16
components/net/build.rs
Normal file
|
@ -0,0 +1,16 @@
|
|||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
||||
|
||||
fn main() {
|
||||
let version =
|
||||
std::env::var("DEP_OPENSSL_VERSION_NUMBER").expect("missing DEP_OPENSSL_VERSION_NUMBER");
|
||||
let actual = u64::from_str_radix(&version, 16).unwrap();
|
||||
let minimum = 0x10101000;
|
||||
if actual < minimum {
|
||||
panic!(
|
||||
"Your OpenSSL version is older than 1.1.1 ({:x}), you have: {:x}",
|
||||
minimum, actual
|
||||
);
|
||||
}
|
||||
}
|
|
@ -21,7 +21,7 @@ const TLS1_2_CIPHERSUITES: &'static str = concat!(
|
|||
"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:",
|
||||
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:",
|
||||
"ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:",
|
||||
"ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA"
|
||||
"ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA@SECLEVEL=2"
|
||||
);
|
||||
const SIGNATURE_ALGORITHMS: &'static str = concat!(
|
||||
"ed448:ed25519:",
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue