Fix builds with alternative versions of OpenSSL

diff --git a/.github/actions/freeradius-alt-deps/action.yml b/.github/actions/freeradius-alt-deps/action.yml
index db8fc44a1f89cf0b3ca45134dc097f6b4514740c..87e2648d1d4a6901e7eae0a7c73a37cf7fb04b60 100644 (file)
--- a/.github/actions/freeradius-alt-deps/action.yml
+++ b/.github/actions/freeradius-alt-deps/action.yml
@@ -1,10 +1,20 @@
 name: freeradius-alt-deps
 
+inputs:
+  openssl_version:
+    description: 'The version of OpenSSL to build'
+    required: true
+    default: '3.0.1'
+  openssl_args:
+    description: 'Arguments to pass to OpenSSL configure'
+    required: true
+    default: |
+      --prefix=/opt/openssl \
+      --openssldir=/usr/lib/ssl \
+      --debug
 runs:
   using: composite
-
   steps:
-
     #
     #  Build using some alternative libraries
     #
@@ -12,28 +22,37 @@ runs:
     #    MIT Kerberos -> HEIMDAL Kerberos
     #    OpenSSL 1.0  -> OpenSSL 3.0
     #
-    - name: 'Fetch OpenSSL 3.0 SHA'
+    - name: 'Fetch OpenSSL SHA'
       id: opensslshasum
       shell: bash
       run: |
-        wget -qO- http://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz.sha256 | sed -ne 's/^\s\+/shasum=/p' >> $GITHUB_OUTPUT
+        wget -qO- http://www.openssl.org/source/openssl-${{ inputs.openssl_version }}.tar.gz.sha256 | sed -ne 's/^\s\+/shasum=/p' >> $GITHUB_OUTPUT
 
-    - name: 'Restore OpenSSL 3.0 from the cache'
+    - name: 'Restore OpenSSL from the cache'
       uses: actions/cache@v4
       id: openssl-cache
       with:
         path: /opt/openssl/
-        key: openssl3-${{ steps.opensslshasum.outputs.shasum }}
+        key: openssl3-${{ steps.opensslshasum.outputs.shasum }}-${{ inputs.openssl_args }}
 
-    - name: 'Build OpenSSL 3.0 (if cache stale)'
+    #
+    #  Build OpenSSL from source
+    #
+    #  We specify the system's normal home directory for OpenSSL
+    #  so that the normal root certificates are available.
+    #
+    #  If this causes problems in future, the system openssl.cnf
+    #  can be overwritten with a custom one.
+    #
+    - name: 'Build OpenSSL (if cache stale)'
       if: ${{ steps.openssl-cache.outputs.cache-hit != 'true' }}
       shell: bash
       run: |
         cd ~
-        wget https://www.openssl.org/source/openssl-$ALT_OPENSSL.tar.gz
-        tar xzf openssl-$ALT_OPENSSL.tar.gz
-        cd openssl-$ALT_OPENSSL
-        ./Configure --prefix=/opt/openssl --openssldir=. --debug
+        wget https://www.openssl.org/source/openssl-${{inputs.openssl_version}}.tar.gz
+        tar xzf openssl-${{inputs.openssl_version}}.tar.gz
+        cd openssl-${{inputs.openssl_version}}
+        ./Configure ${{ inputs.openssl_args }}
         make -j `nproc`
         make install_sw
 

diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml
index 1beae9396df13f77efa8a52f7245902cfa60f02d..878a5b3e41db8ac09229b18289c5cfbf212ed2db 100644 (file)
--- a/.github/workflows/ci-macos.yml
+++ b/.github/workflows/ci-macos.yml
@@ -21,7 +21,6 @@ env:
   DO_BUILD: yes
   HOSTAPD_BUILD_DIR: eapol_test.ci
   HOSTAPD_GIT_TAG: hostap_2_11
-  ALT_OPENSSL: "3.0.2"
   DEBIAN_FRONTEND: noninteractive
   CI: 1
   GH_ACTIONS: 1

diff --git a/.github/workflows/ci-sanitizers.yml b/.github/workflows/ci-sanitizers.yml
index aee1ab93a4b223713789740c12028c04713d7412..48e11873da529ae551773f012560e346de17b2ba 100644 (file)
--- a/.github/workflows/ci-sanitizers.yml
+++ b/.github/workflows/ci-sanitizers.yml
@@ -23,7 +23,6 @@ env:
   DO_BUILD: yes
   HOSTAPD_BUILD_DIR: eapol_test.ci
   HOSTAPD_GIT_TAG: hostap_2_11
-  ALT_OPENSSL: "3.0.2"
   DEBIAN_FRONTEND: noninteractive
   CI: 1
   GH_ACTIONS: 1

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1627c510790bb65c1bf7ae42ff093f8edf27bd7e..6b2d9e8c837725b06396d8d90f7eb50191b7a6c0 100644 (file)
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,6 @@ env:
   DO_BUILD: yes
   HOSTAPD_BUILD_DIR: eapol_test.ci
   HOSTAPD_GIT_TAG: hostap_2_11
-  ALT_OPENSSL: "3.0.2"
   DEBIAN_FRONTEND: noninteractive
   CI: 1
   GH_ACTIONS: 1