Diffstat (limited to '')
-rwxr-xr-x | scripts/build-ssl.sh | 208 |
1 files changed, 208 insertions, 0 deletions
diff --git a/scripts/build-ssl.sh b/scripts/build-ssl.sh
new file mode 100755
index 0000000..1c17775
--- /dev/null
+++ b/scripts/build-ssl.sh
@@ -0,0 +1,208 @@
+#!/bin/sh
+set -eux
+
+download_openssl () {
+ if [ ! -f "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" ]; then
+
+#
+# OpenSSL has different links for latest and previous releases
+# since we want to download several versions, let us try to treat
+# current version as latest, if it fails, follow with previous
+#
+
+ wget -P download-cache/ \
+ "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz" || \
+ wget -P download-cache/ \
+ "https://www.openssl.org/source/old/${OPENSSL_VERSION%[a-z]}/openssl-${OPENSSL_VERSION}.tar.gz"
+ fi
+}
+
+# recent openssl versions support parallel builds and skipping the docs,
+# while older ones require to build everything sequentially.
+build_openssl_linux () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+ ./config shared --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY
+ if [ -z "${OPENSSL_VERSION##1.*}" ]; then
+ make all
+ else
+ make -j$(nproc) build_sw
+ fi
+ make install_sw
+ )
+}
+
+build_openssl_osx () {
+ (
+ cd "openssl-${OPENSSL_VERSION}/"
+ ./Configure darwin64-x86_64-cc shared \
+ --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY
+ make depend build_sw install_sw
+ )
+}
+
+build_openssl () {
+ if [ "$(cat ${HOME}/opt/.openssl-version)" != "${OPENSSL_VERSION}" ]; then
+ tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
+ case `uname` in
+ 'Darwin')
+ build_openssl_osx
+ ;;
+ 'Linux')
+ build_openssl_linux
+ ;;
+ esac
+ echo "${OPENSSL_VERSION}" > "${HOME}/opt/.openssl-version"
+ fi
+}
+
+download_libressl () {
+ if [ ! -f "download-cache/libressl-${LIBRESSL_VERSION}.tar.gz" ]; then
+ wget -P download-cache/ \
+ "https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz"
+ fi
+}
+
+build_libressl () {
+ if [ "$(cat ${HOME}/opt/.libressl-version)" != "${LIBRESSL_VERSION}" ]; then
+ tar zxf "download-cache/libressl-${LIBRESSL_VERSION}.tar.gz"
+ (
+ cd "libressl-${LIBRESSL_VERSION}/"
+ ./configure --prefix="${HOME}/opt"
+ make all install
+ )
+ echo "${LIBRESSL_VERSION}" > "${HOME}/opt/.libressl-version"
+ fi
+}
+
+download_boringssl () {
+ if [ ! -d "download-cache/boringssl" ]; then
+ git clone --depth=1 https://boringssl.googlesource.com/boringssl download-cache/boringssl
+ else
+ (
+ cd download-cache/boringssl
+ git pull
+ )
+ fi
+}
+
+download_aws_lc () {
+ if [ ! -f "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" ]; then
+ mkdir -p download-cache
+ wget -q -O "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz" \
+ "https://github.com/aws/aws-lc/archive/refs/tags/v${AWS_LC_VERSION}.tar.gz"
+ fi
+}
+
+build_aws_lc () {
+ if [ "$(cat ${HOME}/opt/.aws_lc-version)" != "${AWS_LC_VERSION}" ]; then
+ tar zxf "download-cache/aws-lc-${AWS_LC_VERSION}.tar.gz"
+ (
+ cd "aws-lc-${AWS_LC_VERSION}/"
+ mkdir -p build
+ cd build
+ cmake -version
+ cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DDISABLE_GO=1 -DDISABLE_PERL=1 \
+ -DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${HOME}/opt ..
+ make -j$(nproc)
+ make install
+ )
+ echo "${AWS_LC_VERSION}" > "${HOME}/opt/.aws_lc-version"
+ fi
+}
+
+download_quictls () {
+ if [ ! -d "download-cache/quictls" ]; then
+ git clone --depth=1 https://github.com/quictls/openssl download-cache/quictls
+ else
+ (
+ cd download-cache/quictls
+ git pull
+ )
+ fi
+}
+
+download_wolfssl () {
+ if [ ! -f "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" ]; then
+ mkdir -p download-cache
+ if [ "${WOLFSSL_VERSION%%-*}" != "git" ]; then
+ wget -q -O "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" \
+ "https://github.com/wolfSSL/wolfssl/archive/refs/tags/v${WOLFSSL_VERSION}-stable.tar.gz"
+ else
+ wget -q -O "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" \
+ "https://github.com/wolfSSL/wolfssl/archive/${WOLFSSL_VERSION##git-}.tar.gz"
+ fi
+ fi
+}
+
+build_wolfssl () {
+ if [ "$(cat ${HOME}/opt/.wolfssl-version)" != "${WOLFSSL_VERSION}" ]; then
+ mkdir "wolfssl-${WOLFSSL_VERSION}/"
+ tar zxf "download-cache/wolfssl-${WOLFSSL_VERSION}.tar.gz" -C "wolfssl-${WOLFSSL_VERSION}/" --strip-components=1
+ (
+ cd "wolfssl-${WOLFSSL_VERSION}/"
+ autoreconf -i
+ ./configure --enable-haproxy --enable-quic --prefix="${HOME}/opt"
+ make -j$(nproc)
+ make install
+ )
+ echo "${WOLFSSL_VERSION}" > "${HOME}/opt/.wolfssl-version"
+ fi
+}
+
+if [ ! -z ${LIBRESSL_VERSION+x} ]; then
+ download_libressl
+ build_libressl
+fi
+
+if [ ! -z ${OPENSSL_VERSION+x} ]; then
+ download_openssl
+ build_openssl
+fi
+
+if [ ! -z ${BORINGSSL+x} ]; then
+ (
+
+ # travis-ci comes with go-1.11, while boringssl requires go-1.13
+ eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)"
+
+ download_boringssl
+ cd download-cache/boringssl
+ if [ -d build ]; then rm -rf build; fi
+ mkdir build
+ cd build
+ cmake -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 ..
+ ninja
+
+ rm -rf ${HOME}/opt/lib || exit 0
+ rm -rf ${HOME}/opt/include || exit 0
+
+ mkdir -p ${HOME}/opt/lib
+ cp crypto/libcrypto.so ssl/libssl.so ${HOME}/opt/lib
+
+ mkdir -p ${HOME}/opt/include
+ cp -r ../include/* ${HOME}/opt/include
+ )
+fi
+
+if [ ! -z ${AWS_LC_VERSION+x} ]; then
+ download_aws_lc
+ build_aws_lc
+fi
+
+if [ ! -z ${QUICTLS+x} ]; then
+ (
+ download_quictls
+ cd download-cache/quictls
+
+ ./config shared no-tests ${QUICTLS_EXTRA_ARGS:-} --prefix="${HOME}/opt" --openssldir="${HOME}/opt" --libdir=lib -DPURIFY
+ make -j$(nproc) build_sw
+ make install_sw
+
+ )
+fi
+
+if [ ! -z ${WOLFSSL_VERSION+x} ]; then
+ download_wolfssl
+ build_wolfssl
+fi
|
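Review bot: None of the `download_*` functions verifies what it fetched before the matching `build_*` step unpacks, compiles and installs it under `${HOME}/opt`, so a tampered or truncated archive in `download-cache/` is built as-is; the tarball paths (OpenSSL, LibreSSL, AWS-LC, wolfSSL) should compare the file against a pinned SHA-256 and fail closed, as sketched below with a constructed `OPENSSL_SHA256` variable. The same concern is sharper in the BoringSSL branch, where `eval "$(curl -sL https://raw.githubusercontent.com/travis-ci/gimme/master/gimme | GIMME_GO_VERSION=1.13 bash)"` executes whatever the mutable `master` branch serves at build time and, lacking `-f`, would also pipe an HTTP error body into `bash`; pinning the URL to a reviewed commit (`…/gimme/<pinned-commit>/gimme`) and using `curl -fsSL` narrows both. The BoringSSL and QuicTLS clones (`git clone --depth=1` followed by `git pull`) build tip-of-tree, which may be intentional for CI coverage but deserves a comment saying so. Separately, `wget -q -O` leaves an empty file behind when a download fails, and the `[ ! -f … ]` cache test then skips the retry on the next run; the digest check below catches that case as well.

```shell
# Constructed example: OPENSSL_SHA256 is a new per-version variable the CI
# configuration would have to supply; it is not defined anywhere in this patch.
verify_sha256 () {
  # $1 = file to check, $2 = expected hex digest
  if command -v sha256sum >/dev/null 2>&1; then
    _actual=$(sha256sum "$1" | cut -d' ' -f1)
  else
    # macOS runners ship shasum rather than sha256sum
    _actual=$(shasum -a 256 "$1" | cut -d' ' -f1)
  fi
  if [ "${_actual}" != "$2" ]; then
    echo "checksum mismatch for $1" >&2
    rm -f "$1"   # do not leave a bad archive in the cache
    return 1
  fi
}

download_openssl () {
  # … unchanged: cache test and the two wget attempts …
  verify_sha256 "download-cache/openssl-${OPENSSL_VERSION}.tar.gz" "${OPENSSL_SHA256}"
}
```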