From 202ff1372a40a8adf9aac74bfe8a39141b0c57e5 Mon Sep 17 00:00:00 2001

From: Kazuki Yamaguchi <k@rhe.jp>

Date: Mon, 27 Sep 2021 00:38:38 +0900

Subject: [PATCH] ext/openssl/extconf.rb: require OpenSSL version >= 1.0.1, < 3

Ruby/OpenSSL 2.1.x and 2.2.x will not support OpenSSL 3.0 API. Let's

make extconf.rb explicitly check the version number to be within the

acceptable range, since it will not compile anyway.

Reference: https://bugs.ruby-lang.org/issues/18192

---

 ext/openssl/extconf.rb | 43 ++++++++++++++++++++++++------------------

 1 file changed, 25 insertions(+), 18 deletions(-)

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb

index 264130bb..7e817ae2 100644

--- a/ext/openssl/extconf.rb

+++ b/ext/openssl/extconf.rb

@@ -33,9 +33,6 @@

   have_library("ws2_32")

 end

-Logging::message "=== Checking for required stuff... ===\n"

-result = pkg_config("openssl") && have_header("openssl/ssl.h")

-

 if $mingw

   append_cflags '-D_FORTIFY_SOURCE=2'

   append_ldflags '-fstack-protector'

@@ -92,19 +89,33 @@ def find_openssl_library

   return false

 end

-unless result

-  unless find_openssl_library

-    Logging::message "=== Checking for required stuff failed. ===\n"

-    Logging::message "Makefile wasn't created. Fix the errors above.\n"

-    raise "OpenSSL library could not be found. You might want to use " \

-      "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \

-      "is installed."

-  end

+Logging::message "=== Checking for required stuff... ===\n"

+pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")

+

+if !pkg_config_found && !find_openssl_library

+  Logging::message "=== Checking for required stuff failed. ===\n"

+  Logging::message "Makefile wasn't created. Fix the errors above.\n"

+  raise "OpenSSL library could not be found. You might want to use " \

+    "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \

+    "is installed."

 end

-unless checking_for("OpenSSL version is 1.0.1 or later") {

-    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }

-  raise "OpenSSL >= 1.0.1 or LibreSSL is required"

+version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")

+  is_libressl = true

+  checking_for("LibreSSL version >= 2.5.0") {

+    try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }

+else

+  checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {

+    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&

+    !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }

+end

+unless version_ok

+  raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"

+end

+

+# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h

+if is_libressl && ($mswin || $mingw)

+  $defs.push("-DNOCRYPT")

 end

 Logging::message "=== Checking for OpenSSL features... ===\n"

@@ -116,10 +127,6 @@ def find_openssl_library

   have_func("ENGINE_load_#{name}()", "openssl/engine.h")

 }

-if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")

-  $defs.push("-DNOCRYPT")

-end

-

 # added in 1.0.2

 have_func("EC_curve_nist2nid")

 have_func("X509_REVOKED_dup")