CI: List OpenSSL providers by openssl CLI in FIPS cases. #780
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is to add the step to list OpenSSL providers in FIPS cases.
While we are calling the logic to list the OpenSSL providers in the
rake test
orrake test_fips
. In the case where the fips provider is not loaded, the Ruby OpenSSL aborts before printing the providers. This PR enables the CI to print the providers such cases.I was able to find the fips provider was not loaded with the openssl-head fips case by this commit.
https://github.com/junaruga/ruby-openssl/actions/runs/10078885746/job/27864878836#step:7:1
Below is the commit message.
Add the step to list OpenSSL providers available on OpenSSL 3.0 or later versions to check if the base and fips providers are loaded in the FIPS cases.
We have a logic to print the OpenSSL providers in the Rake test and test_fips tasks calling the debug task.
openssl/Rakefile
Line 72 in 16aa2b2
However, if the fips provider is not loaded, the Ruby OpenSSL aborts before printing the OpenSSL providers in the Rake debug task. https://github.com/ruby/openssl/actions/runs/10077703798/job/27860837398#step:13:35
This commit enables CI to print the loaded OpenSSL providers in such case.
Added the
'-Wl,-rpath,$(LIBRPATH)'
to call the openssl cli without settingLD_LIBRARY_PATH
.See https://github.com/ruby/openssl/blob/master/CONTRIBUTING.md#with-different-versions-of-openssl for details.