2018-12-24 15:04:54 +00:00
|
|
|
#!/bin/bash -eu
|
|
|
|
|
|
|
|
# ssl-opt-in-docker.sh
|
|
|
|
#
|
|
|
|
# Purpose
|
|
|
|
# -------
|
|
|
|
# This runs ssl-opt.sh in a Docker container.
|
|
|
|
#
|
2022-12-15 09:08:26 +00:00
|
|
|
# WARNING: the Dockerfile used by this script is no longer maintained! See
|
|
|
|
# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
|
|
|
|
# for the set of Docker images we use on the CI.
|
|
|
|
#
|
2018-12-24 15:04:54 +00:00
|
|
|
# Notes for users
|
|
|
|
# ---------------
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 10:42:12 +00:00
|
|
|
# If OPENSSL, GNUTLS_CLI, or GNUTLS_SERV are specified, the path must
|
2018-12-24 15:04:54 +00:00
|
|
|
# correspond to an executable inside the Docker container. The special
|
|
|
|
# values "next" and "legacy" are also allowed as shorthand for the
|
|
|
|
# installations inside the container.
|
|
|
|
#
|
|
|
|
# See also:
|
|
|
|
# - scripts/docker_env.sh for general Docker prerequisites and other information.
|
|
|
|
# - ssl-opt.sh for notes about invocation of that script.
|
|
|
|
|
2020-08-07 11:07:28 +00:00
|
|
|
# Copyright The Mbed TLS Contributors
|
2019-05-31 11:38:06 +00:00
|
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
|
|
# not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
|
2018-12-24 15:04:54 +00:00
|
|
|
source tests/scripts/docker_env.sh
|
|
|
|
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 10:42:12 +00:00
|
|
|
case "${OPENSSL:-default}" in
|
|
|
|
"legacy") export OPENSSL="/usr/local/openssl-1.0.1j/bin/openssl";;
|
|
|
|
"next") export OPENSSL="/usr/local/openssl-1.1.1a/bin/openssl";;
|
2018-12-24 15:04:54 +00:00
|
|
|
*) ;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
case "${GNUTLS_CLI:-default}" in
|
|
|
|
"legacy") export GNUTLS_CLI="/usr/local/gnutls-3.3.8/bin/gnutls-cli";;
|
2021-08-17 02:48:26 +00:00
|
|
|
"next") export GNUTLS_CLI="/usr/local/gnutls-3.7.2/bin/gnutls-cli";;
|
2018-12-24 15:04:54 +00:00
|
|
|
*) ;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
case "${GNUTLS_SERV:-default}" in
|
|
|
|
"legacy") export GNUTLS_SERV="/usr/local/gnutls-3.3.8/bin/gnutls-serv";;
|
2021-08-17 02:48:26 +00:00
|
|
|
"next") export GNUTLS_SERV="/usr/local/gnutls-3.7.2/bin/gnutls-serv";;
|
2018-12-24 15:04:54 +00:00
|
|
|
*) ;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
run_in_docker \
|
|
|
|
-e P_SRV \
|
|
|
|
-e P_CLI \
|
|
|
|
-e P_PXY \
|
|
|
|
-e GNUTLS_CLI \
|
|
|
|
-e GNUTLS_SERV \
|
Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.
This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.
The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).
So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 10:42:12 +00:00
|
|
|
-e OPENSSL \
|
2018-12-24 15:04:54 +00:00
|
|
|
tests/ssl-opt.sh \
|
|
|
|
$@
|