mod_ssl: Add SSLClientHelloVars directive which exposes various #1167
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Linux | |
on: | |
push: | |
branches: [ "*" ] | |
paths-ignore: | |
- 'docs/**' | |
- STATUS | |
- CHANGES | |
- changes-entries/* | |
tags: | |
- 2.* | |
pull_request: | |
branches: [ "trunk", "2.4.x" ] | |
paths-ignore: | |
- 'docs/**' | |
- STATUS | |
- CHANGES | |
- changes-entries/* | |
env: | |
MARGS: "-j2" | |
CFLAGS: "-g" | |
# This will need updating as the ubuntu-latest image changes: | |
PHP_FPM: "/usr/sbin/php-fpm8.1" | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
# ------------------------------------------------------------------------- | |
- name: Empty APLOGNO() test | |
env: | | |
SKIP_TESTING=1 | |
TEST_LOGNO=1 | |
# ------------------------------------------------------------------------- | |
- name: Default | |
# ------------------------------------------------------------------------- | |
- name: All-static modules | |
config: --enable-mods-static=reallyall | |
# ------------------------------------------------------------------------- | |
- name: Prefork MPM, all-modules (except cgid) | |
config: --enable-mods-shared=reallyall --with-mpm=prefork --disable-cgid | |
# ------------------------------------------------------------------------- | |
- name: Worker MPM, all-modules | |
config: --enable-mods-shared=reallyall --with-mpm=worker | |
# ------------------------------------------------------------------------- | |
- name: Shared MPMs, all-modules | |
config: --enable-mods-shared=reallyall --enable-mpms-shared=all | |
# ------------------------------------------------------------------------- | |
- name: Event MPM, all-modules, mod_cgid only | |
config: --enable-mods-shared=reallyall --with-mpm=event --disable-cgi | |
# ------------------------------------------------------------------------- | |
- name: Event MPM, all-modules, no CMSG_DATA | |
config: --enable-mods-shared=reallyall --with-mpm=event ac_cv_have_decl_CMSG_DATA=no | |
# ------------------------------------------------------------------------- | |
- name: Default, all-modules + install | |
config: --enable-mods-shared=reallyall | |
env: | | |
TEST_INSTALL=1 | |
APACHE_TEST_EXTRA_ARGS=-v | |
# ------------------------------------------------------------------------- | |
- name: Default, all-modules, random test order | |
config: --enable-mods-shared=reallyall | |
env: | | |
TEST_ARGS=-order=random | |
# ------------------------------------------------------------------------- | |
- name: GCC 10 maintainer-mode w/-Werror, install + VPATH | |
config: --enable-mods-shared=reallyall --enable-maintainer-mode | |
notest-cflags: -Werror -O2 | |
env: | | |
CC=gcc-10 | |
TEST_VPATH=1 | |
TEST_INSTALL=1 | |
SKIP_TESTING=1 | |
# ------------------------------------------------------------------------- | |
- name: All-modules, APR 1.7.4, APR-util 1.6.3 | |
config: --enable-mods-shared=reallyall | |
env: | | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--with-crypto --with-ldap" | |
# ------------------------------------------------------------------------- | |
- name: APR 1.8.x, APR-util 1.7.x | |
config: --enable-mods-shared=reallyall | |
env: | | |
APR_VERSION=1.8.x | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: Pool-debug | |
config: --enable-mods-shared=reallyall | |
env: | | |
APR_VERSION=1.7.x | |
APR_CONFIG="--enable-pool-debug" | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_MALLOC=1 | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: Shared MPMs (event), pool-debug, SSL/TLS variants | |
config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=event | |
env: | | |
APR_VERSION=1.7.x | |
APR_CONFIG="--enable-pool-debug" | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_MALLOC=1 | |
TEST_SSL=1 | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: Shared MPMs (worker), pool-debug, SSL/TLS variants | |
config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=worker | |
env: | | |
APR_VERSION=1.7.x | |
APR_CONFIG="--enable-pool-debug" | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_MALLOC=1 | |
TEST_SSL=1 | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: Shared MPMs (prefork), pool-debug, SSL/TLS variants | |
config: --enable-mods-shared=reallyall --enable-mpms-shared=all --with-mpm=prefork | |
env: | | |
APR_VERSION=1.7.x | |
APR_CONFIG="--enable-pool-debug" | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_MALLOC=1 | |
TEST_SSL=1 | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: litmus WebDAV tests | |
config: --enable-dav --enable-dav-fs | |
env: | | |
LITMUS=1 | |
TESTS="t/modules/dav.t" | |
pkgs: litmus | |
# ------------------------------------------------------------------------- | |
- name: litmus WebDAV tests, APR trunk, LMDB | |
config: --enable-dav --enable-dav-fs | |
pkgs: litmus liblmdb-dev | |
env: | | |
APR_VERSION=trunk | |
APR_CONFIG="--with-lmdb --with-dbm=lmdb" | |
LITMUS=1 | |
TESTS="t/modules/dav.t" | |
# ------------------------------------------------------------------------- | |
# MFLAGS= works around https://bz.apache.org/bugzilla/show_bug.cgi?id=63942 | |
## TODO if: *condition_not_24x | |
- name: Regenerate ap_expr | |
config: --enable-mods-shared=reallyall --enable-maintainer-mode | |
notest-cflags: -Werror -Wno-deprecated-declarations | |
env: | | |
BUILDCONFIG="--with-regen-expr" | |
MFLAGS= | |
# ------------------------------------------------------------------------- | |
- name: APR 1.7.4, APR-util 1.6.3, LDAP | |
config: --enable-mods-shared=reallyall | |
pkgs: ldap-utils | |
env: | | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_MALLOC=1 | |
TEST_LDAP=1 | |
TEST_ARGS="-defines LDAP" | |
TESTS="t/modules/" | |
# ------------------------------------------------------------------------- | |
- name: APR 1.7.x, APR-util 1.7.x, LDAP | |
config: --enable-mods-shared=reallyall | |
pkgs: ldap-utils | |
env: | | |
APR_VERSION=1.7.x | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_MALLOC=1 | |
TEST_LDAP=1 | |
TEST_ARGS="-defines LDAP" | |
TESTS="t/modules/" | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
### TODO: if: *condition_not_24x | |
- name: APR trunk thread debugging | |
config: --enable-mods-shared=reallyall --with-mpm=event | |
env: | | |
APR_VERSION=trunk | |
APR_CONFIG="--with-crypto --enable-thread-debug" | |
# ------------------------------------------------------------------------- | |
- name: UBSan | |
notest-cflags: -fsanitize=undefined -fno-sanitize-recover=undefined | |
config: --enable-mods-shared=reallyall --disable-http2 | |
env: | | |
NOTEST_LIBS=-lubsan | |
TEST_UBSAN=1 | |
# ------------------------------------------------------------------------- | |
- name: ASan | |
notest-cflags: -ggdb -fsanitize=address -fno-sanitize-recover=address -fno-omit-frame-pointer | |
config: --enable-mods-shared=reallyall | |
env: | | |
APR_VERSION=1.7.x | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_ASAN=1 | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: ASan, pool-debug | |
notest-cflags: -ggdb -fsanitize=address -fno-sanitize-recover=address -fno-omit-frame-pointer | |
config: --enable-mods-shared=reallyall | |
env: | | |
APR_VERSION=1.7.x | |
APR_CONFIG="--enable-pool-debug" | |
APU_VERSION=1.7.x | |
APU_CONFIG="--with-crypto --with-ldap" | |
TEST_ASAN=1 | |
CLEAR_CACHE=1 | |
# ------------------------------------------------------------------------- | |
- name: HTTP/2 test suite | |
config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=all | |
pkgs: curl python3-pytest nghttp2-client python3-cryptography python3-requests python3-multipart python3-filelock python3-websockets | |
env: | | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--with-crypto" | |
NO_TEST_FRAMEWORK=1 | |
TEST_INSTALL=1 | |
TEST_H2=1 | |
TEST_CORE=1 | |
TEST_PROXY=1 | |
# ------------------------------------------------------------------------- | |
### TODO: if: *condition_not_24x | |
### TODO: pebble install is broken. | |
# - name: ACME test suite | |
# config: --enable-mods-shared=reallyall --with-mpm=event --enable-mpms-shared=event | |
# pkgs: >- | |
# python3-pytest nghttp2-client python3-cryptography python3-requests python3-filelock | |
# golang-1.17 curl | |
# env: | | |
# APR_VERSION=1.7.4 | |
# APU_VERSION=1.6.3 | |
# APU_CONFIG="--with-crypto" | |
# GOROOT=/usr/lib/go-1.17 | |
# NO_TEST_FRAMEWORK=1 | |
# TEST_INSTALL=1 | |
# TEST_MD=1 | |
# ------------------------------------------------------------------------- | |
### TODO: if: *condition_not_24x | |
- name: Configured w/reduced exports | |
config: --enable-reduced-exports --enable-maintainer-mode --enable-systemd | |
pkgs: libsystemd-dev | |
env: | | |
SKIP_TESTING=1 | |
TEST_INSTALL=1 | |
# ------------------------------------------------------------------------- | |
### TODO if: *condition_not_24x | |
### TODO: Fails because :i386 packages are not being found. | |
# - name: i386 Shared MPMs, most modules, maintainer-mode w/-Werror | |
# config: --enable-mods-shared=reallyall --disable-xml2enc --disable-proxy-html --enable-mpms-shared=all --enable-maintainer-mode | |
# pkgs: >- | |
# cpanminus libc6-dev-i386 gcc-multilib libexpat1-dev:i386 libssl-dev:i386 | |
# lib32z1-dev libbrotli-dev:i386 libpcre2-dev:i386 libldap2-dev:i386 libtool-bin | |
# perl-doc libapr1-dev libbrotli-dev:i386 | |
# env: | | |
# PKG_CONFIG_PATH="/usr/lib/i386-linux-gnu/pkgconfig" | |
# NOTEST_CFLAGS="-Werror" | |
# CC="gcc -m32" | |
# APR_VERSION=1.7.0 | |
# APU_VERSION=1.6.3 | |
# APU_CONFIG="--with-crypto --with-ldap" | |
# ------------------------------------------------------------------------- | |
- name: OpenSSL 3.1 | |
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto | |
env: | | |
TEST_OPENSSL3=3.1.7 | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--without-crypto" | |
# ------------------------------------------------------------------------- | |
- name: OpenSSL 3.2 -Werror | |
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto | |
notest-cflags: -Werror -O2 -Wno-deprecated-declarations | |
env: | | |
TEST_OPENSSL3=3.2.2 | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--without-crypto" | |
# ------------------------------------------------------------------------- | |
- name: OpenSSL 3.2 no-engine | |
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto | |
env: | | |
TEST_OPENSSL3=3.2.2 | |
OPENSSL_CONFIG=no-engine | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--without-crypto" | |
# ------------------------------------------------------------------------- | |
- name: OpenSSL 3.3 no-engine -Werror | |
config: --enable-mods-shared=most --enable-maintainer-mode --disable-md --disable-http2 --disable-ldap --disable-crypto | |
notest-cflags: -Werror -O2 | |
env: | | |
TEST_OPENSSL3=3.3.2 | |
OPENSSL_CONFIG=no-engine | |
APR_VERSION=1.7.4 | |
APU_VERSION=1.6.3 | |
APU_CONFIG="--without-crypto" | |
# ------------------------------------------------------------------------- | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
env: | |
NOTEST_CFLAGS: ${{ matrix.notest-cflags }} | |
CONFIG: ${{ matrix.config }} | |
name: ${{ matrix.name }} | |
steps: | |
- name: Set environment variables | |
run: | | |
echo "${{ matrix.env }}" >> $GITHUB_ENV | |
echo JOBID=`echo "${{ matrix.notest-cflags }} ${{ matrix.env }} ${{ matrix.config }}'"| md5sum - | sed 's/ .*//'` >> $GITHUB_ENV | |
# https://github.com/actions/runner-images/issues/9491#issuecomment-1989718917 | |
- name: Workaround ASAN issue in Ubuntu 22.04 | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- name: apt refresh | |
run: sudo apt-get -o Acquire::Retries=5 update | |
- name: Install prerequisites | |
run: sudo apt-get install -o Acquire::Retries=5 | |
cpanminus libtool-bin libapr1-dev libaprutil1-dev | |
liblua5.3-dev libbrotli-dev libcurl4-openssl-dev | |
libnghttp2-dev libjansson-dev libpcre2-dev gdb | |
perl-doc libsasl2-dev ${{ matrix.pkgs }} | |
- uses: actions/checkout@v4 | |
- name: Cache installed libraries | |
uses: actions/cache@v4 | |
with: | |
path: ~/root | |
key: cache-libs-${{ env.JOBID }} | |
- name: Cache CPAN modules | |
uses: actions/cache@v4 | |
with: | |
path: ~/perl5 | |
key: cache-cpan-${{ env.JOBID }} | |
- name: Configure environment | |
run: ./test/travis_before_linux.sh | |
timeout-minutes: 15 | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: config.log-${{ env.JOBID }} | |
path: | | |
/home/runner/build/**/config.log | |
- name: Build and test | |
run: ./test/travis_run_linux.sh | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: error_log-${{ env.JOBID }} | |
path: test/perl-framework/t/logs/error_log | |