CI: List OpenSSL providers by openssl CLI in FIPS cases.

Add the step to list OpenSSL providers available on OpenSSL 3.0 or later versions to check if the base and fips providers are loaded in the FIPS cases. We have a logic to print the OpenSSL providers in the Rake test and test_fips tasks calling the debug task. https://github.com/ruby/openssl/blob/16aa2b2f0c10d9d2b6ccf09628d248ba9d2f3f4e/Rakefile#L72 However, if the fips provider is not loaded, the Ruby OpenSSL aborts before printing the OpenSSL providers in the Rake debug task. https://github.com/ruby/openssl/actions/runs/10077703798/job/27860837398#step:13:35 This commit enables CI to print the loaded OpenSSL providers in such case. Added the `'-Wl,-rpath,$(LIBRPATH)'` to call the openssl cli without setting `LD_LIBRARY_PATH`. See https://github.com/ruby/openssl/blob/master/CONTRIBUTING.md#with-different-versions-of-openssl for details.
ruby · Jul 24, 2024 · ab85d0f · ab85d0f
1 parent 16aa2b2
commit ab85d0f
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -113,7 +113,10 @@ jobs:
               echo "Git commit: $(git rev-parse HEAD)"
             fi
             # shared is required for 1.0.x.
-            ./Configure --prefix=$HOME/.openssl/${{ matrix.openssl }} --libdir=lib \
+            ./Configure \
+                --prefix=$HOME/.openssl/${{ matrix.openssl }} \
+                --libdir=lib \
+                '-Wl,-rpath,$(LIBRPATH)' \
                 shared linux-x86_64 ${{ matrix.append-configure }}
             make depend
             ;;
@@ -144,6 +147,11 @@ jobs:
         run: echo "OPENSSL_CONF=$(pwd)/tmp/openssl_fips.cnf" >> $GITHUB_ENV
         if: matrix.fips-enabled
 
+      # Check if the base and fips providers are loaded.
+      - name: list providers.
+        run: $HOME/.openssl/${{ matrix.openssl }}/bin/openssl list -providers
+        if: matrix.fips-enabled
+
       - name: load ruby
         uses: ruby/setup-ruby@v1
         with: