Test against different OpenSSL library versions #20
Open
santiagorodriguez96 wants to merge 2 commits into
The Ruby 2.4 job fails with:

```
ERROR: SSL verification error at depth 1: unable to get local issuer certificate (20)
ERROR: You must add /OU=GlobalSign Root CA - R3/... to your local trusted store
ERROR: Could not find a valid gem 'bundler' (~> 2.3.0) ... certificate verify failed
```

The problem is that `install-openssl` compiles OpenSSL with `--prefix=$HOME/openssl`, so its default cert dir (`OPENSSLDIR`) is `$HOME/openssl/ssl`, which is empty – the build has no CA trust store. Ruby is then built against that OpenSSL (`--with-openssl-dir=$HOME/openssl`), so every TLS call (`gem install`, `bundle install`) can't validate `rubygems.org`'s `GlobalSign` chain. Ubuntu's real CA bundle lives at `/etc/ssl/certs/` but the custom OpenSSL never looks there.
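A check for the condition described in the comment above, as an added example that is not part of the PR or the project's CI scripts. The function names, the `/home/runner` sample path and the use of `SSL_CERT_FILE` with Ubuntu's `ca-certificates.crt` bundle as one possible remedy are assumptions.

```shell
#!/bin/sh
# Added example: detect a custom OpenSSL build whose OPENSSLDIR has no CA store.

# Extract the directory from `openssl version -d` output,
# which has the form:  OPENSSLDIR: "/path/to/ssl"
parse_openssldir() {
  printf '%s\n' "$1" | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# OpenSSL's default verify paths are $OPENSSLDIR/cert.pem and $OPENSSLDIR/certs.
# Heuristic: the store is usable if cert.pem is non-empty or certs/ has entries
# (it does not verify that certs/ contains correctly hashed file names).
has_trust_store() {
  if [ -s "$1/cert.pem" ]; then return 0; fi
  if [ -d "$1/certs" ] && [ -n "$(ls -A "$1/certs" 2>/dev/null)" ]; then
    return 0
  fi
  return 1
}

# $1: output of `<prefix>/bin/openssl version -d`
# $2: CA bundle to fall back to (assumed here to be the distribution's bundle)
# Prints "OK <dir>" or "EMPTY <dir>: export SSL_CERT_FILE=<bundle>".
diagnose() {
  ossl_dir=$(parse_openssldir "$1")
  if [ -z "$ossl_dir" ]; then
    echo "UNPARSED"
  elif has_trust_store "$ossl_dir"; then
    echo "OK $ossl_dir"
  else
    # SSL_CERT_FILE overrides the default cert file for this OpenSSL build.
    echo "EMPTY $ossl_dir: export SSL_CERT_FILE=$2"
  fi
}

# Demo on a constructed prefix that mimics the failing job: ssl/certs exists
# but is empty, as after a fresh install into --prefix=$HOME/openssl.
demo=$(mktemp -d)
mkdir -p "$demo/ssl/certs"
diagnose "OPENSSLDIR: \"$demo/ssl\"" /etc/ssl/certs/ca-certificates.crt
rm -rf "$demo"
```

In a CI job the first argument would come from `"$HOME/openssl/bin/openssl" version -d`, run before Ruby is built against that prefix.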
1b4325f to
ef439e4
Compare
Motivation
Similar to cedarcode/tpm-key_attestation#49.
Summary
This PR updates our CI to manually install OpenSSL and Ruby so that we can test against different OpenSSL versions, without having to rely on the OpenSSL version that comes with Ruby.
This also brings back the jobs ignored in c2c93d1 as now we can specify the jobs to use OpenSSL v1.1.1w.