updated brew truffleruby openssl dependency @1.1 -> @3 #491

beelleau · 2024-12-12T20:47:05Z

Fix for Issue #490.

Upgrades dependencies.txt openssl version to 3.

postmodern · 2024-12-12T23:46:45Z

@beelleau since I don't have a macOS system to test this on, can you confirm that current TruffleRuby compiles and works against openssl@3?

beelleau · 2024-12-13T05:45:18Z

Verification that I've modified the dependencies.txt files:

beelleau@mac ~
 $ grep -nH ^'brew' /opt/homebrew/share/ruby-install/truffleruby*/dependencies.txt
/opt/homebrew/share/ruby-install/truffleruby-graalvm/dependencies.txt:5:brew: openssl@3 libyaml
/opt/homebrew/share/ruby-install/truffleruby/dependencies.txt:5:brew: openssl@3 libyaml

Installing & checking:

beelleau@mac ~
 $ ruby-install truffleruby
>>> Updating truffleruby versions ...
>>> Installing truffleruby 24.1.1 into /Users/beelleau/.rubies/truffleruby-24.1.1 ...
>>> Installing dependencies for truffleruby 24.1.1 ...
Warning: openssl@3 3.4.0 is already installed and up-to-date.
To reinstall 3.4.0, run:
  brew reinstall openssl@3
Warning: libyaml 0.2.5 is already installed and up-to-date.
To reinstall 0.2.5, run:
  brew reinstall libyaml
>>> Downloading https://github.com/oracle/truffleruby/releases/download/graal-24.1.1/truffleruby-24.1.1-macos-aarch64.tar.gz into /Users/beelleau/src ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 97.7M  100 97.7M    0     0  26.6M      0  0:00:03  0:00:03 --:--:-- 32.6M
>>> Verifying truffleruby-24.1.1-macos-aarch64.tar.gz ...
>>> Extracting truffleruby-24.1.1-macos-aarch64.tar.gz to /Users/beelleau/src/truffleruby-24.1.1-macos-aarch64 ...
>>> Installing truffleruby 24.1.1 ...
>>> Running truffleruby post-install hook ...
Recompiling the OpenSSL C extension (against the installed libssl)
checking for rb_io_maybe_wait(0, Qnil, Qnil, Qnil) in ruby/io.h... yes
checking for t_open() in -lnsl... no
checking for socket() in -lsocket... no
checking for openssl/ssl.h... yes
checking for CRYPTO_malloc() in -lcrypto... yes
checking for SSL_new() in -lssl... yes
checking for LIBRESSL_VERSION_NUMBER in openssl/opensslv.h... no
checking for OpenSSL version >= 1.0.2... yes
checking for RAND_egd() in openssl/rand.h... no
checking for ENGINE_load_dynamic() in openssl/engine.h... yes
checking for ENGINE_load_4758cca() in openssl/engine.h... no
checking for ENGINE_load_aep() in openssl/engine.h... no
checking for ENGINE_load_atalla() in openssl/engine.h... no
checking for ENGINE_load_chil() in openssl/engine.h... no
checking for ENGINE_load_cswift() in openssl/engine.h... no
checking for ENGINE_load_nuron() in openssl/engine.h... no
checking for ENGINE_load_sureware() in openssl/engine.h... no
checking for ENGINE_load_ubsec() in openssl/engine.h... no
checking for ENGINE_load_padlock() in openssl/engine.h... no
checking for ENGINE_load_capi() in openssl/engine.h... no
checking for ENGINE_load_gmp() in openssl/engine.h... no
checking for ENGINE_load_gost() in openssl/engine.h... no
checking for ENGINE_load_cryptodev() in openssl/engine.h... yes
checking for SSL.ctx in openssl/ssl.h... no
checking for EVP_MD_CTX_new() in openssl/evp.h... yes
checking for EVP_MD_CTX_free(NULL) in openssl/evp.h... yes
checking for EVP_MD_CTX_pkey_ctx(NULL) in openssl/evp.h... yes
checking for X509_STORE_get_ex_data(NULL, 0) in openssl/x509.h... yes
checking for X509_STORE_set_ex_data(NULL, 0, NULL) in openssl/x509.h... yes
checking for X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL) in openssl/x509.h... yes
checking for X509_CRL_get0_signature(NULL, NULL, NULL) in openssl/x509.h... yes
checking for X509_REQ_get0_signature(NULL, NULL, NULL) in openssl/x509.h... yes
checking for X509_REVOKED_get0_serialNumber(NULL) in openssl/x509.h... yes
checking for X509_REVOKED_get0_revocationDate(NULL) in openssl/x509.h... yes
checking for X509_get0_tbs_sigalg(NULL) in openssl/x509.h... yes
checking for X509_STORE_CTX_get0_untrusted(NULL) in openssl/x509.h... yes
checking for X509_STORE_CTX_get0_cert(NULL) in openssl/x509.h... yes
checking for X509_STORE_CTX_get0_chain(NULL) in openssl/x509.h... yes
checking for OCSP_SINGLERESP_get0_id(NULL) in openssl/ocsp.h... yes
checking for SSL_CTX_get_ciphers(NULL) in openssl/ssl.h... yes
checking for X509_up_ref(NULL) in openssl/x509.h... yes
checking for X509_CRL_up_ref(NULL) in openssl/x509.h... yes
checking for X509_STORE_up_ref(NULL) in openssl/x509.h... yes
checking for SSL_SESSION_up_ref(NULL) in openssl/ssl.h... yes
checking for EVP_PKEY_up_ref(NULL) in openssl/evp.h... yes
checking for SSL_CTX_set_min_proto_version(NULL, 0) in openssl/ssl.h... yes
checking for SSL_CTX_get_security_level(NULL) in openssl/ssl.h... yes
checking for X509_get0_notBefore(NULL) in openssl/x509.h... yes
checking for SSL_SESSION_get_protocol_version(NULL) in openssl/ssl.h... yes
checking for TS_STATUS_INFO_get0_status(NULL) in openssl/ts.h... yes
checking for TS_STATUS_INFO_get0_text(NULL) in openssl/ts.h... yes
checking for TS_STATUS_INFO_get0_failure_info(NULL) in openssl/ts.h... yes
checking for TS_VERIFY_CTS_set_certs(NULL, NULL) in openssl/ts.h... yes
checking for TS_VERIFY_CTX_set_store(NULL, NULL) in openssl/ts.h... yes
checking for TS_VERIFY_CTX_add_flags(NULL, 0) in openssl/ts.h... yes
checking for TS_RESP_CTX_set_time_cb(NULL, NULL, NULL) in openssl/ts.h... yes
checking for EVP_PBE_scrypt("", 0, (unsigned char *)"", 0, 0, 0, 0, 0, NULL, 0) in openssl/evp.h... yes
checking for SSL_CTX_set_post_handshake_auth(NULL, 0) in openssl/ssl.h... yes
checking for EVP_PKEY_check(NULL) in openssl/evp.h... yes
checking for EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)"", 0) in openssl/evp.h... yes
checking for SSL_CTX_set_ciphersuites(NULL, "") in openssl/ssl.h... yes
checking for SSL_set0_tmp_dh_pkey(NULL, NULL) in openssl/ssl.h... yes
checking for ERR_get_error_all(NULL, NULL, NULL, NULL, NULL) in openssl/err.h... yes
checking for TS_VERIFY_CTX_set_certs(NULL, NULL) in openssl/ts.h... yes
checking for SSL_CTX_load_verify_file(NULL, "") in openssl/ssl.h... yes
checking for BN_check_prime(NULL, NULL, NULL) in openssl/bn.h... yes
checking for EVP_MD_CTX_get0_md(NULL) in openssl/evp.h... yes
checking for EVP_MD_CTX_get_pkey_ctx(NULL) in openssl/evp.h... yes
checking for EVP_PKEY_eq(NULL, NULL) in openssl/evp.h... yes
checking for EVP_PKEY_dup(NULL) in openssl/evp.h... yes
creating extconf.h
creating Makefile
compiling openssl_missing.c
compiling ossl.c
compiling ossl_asn1.c
compiling ossl_bio.c
compiling ossl_bn.c
compiling ossl_cipher.c
compiling ossl_config.c
compiling ossl_digest.c
compiling ossl_engine.c
compiling ossl_hmac.c
compiling ossl_kdf.c
compiling ossl_ns_spki.c
compiling ossl_ocsp.c
compiling ossl_pkcs12.c
compiling ossl_pkcs7.c
compiling ossl_pkey.c
compiling ossl_pkey_dh.c
compiling ossl_pkey_dsa.c
compiling ossl_pkey_ec.c
compiling ossl_pkey_rsa.c
compiling ossl_rand.c
compiling ossl_ssl.c
compiling ossl_ssl_session.c
compiling ossl_ts.c
compiling ossl_x509.c
compiling ossl_x509attr.c
compiling ossl_x509cert.c
compiling ossl_x509crl.c
compiling ossl_x509ext.c
compiling ossl_x509name.c
compiling ossl_x509req.c
compiling ossl_x509revoked.c
compiling ossl_x509store.c
linking shared-object openssl.bundle

Recompiling the Psych C extension (against the installed libyaml)
checking for yaml.h... yes
checking for yaml_get_version() in -lyaml... yes
creating Makefile
compiling psych.c
compiling psych_emitter.c
compiling psych_parser.c
compiling psych_to_ruby.c
compiling psych_yaml_tree.c
linking shared-object psych.bundle

TruffleRuby was successfully installed in /Users/beelleau/.rubies/truffleruby-24.1.1
>>> Successfully installed truffleruby 24.1.1 into /Users/beelleau/.rubies/truffleruby-24.1.1

[started a new session]

beelleau@mac ~ 
 $ type ruby
ruby is /Users/beelleau/.rubies/truffleruby-24.1.1/bin/ruby

beelleau@mac ~ 
 $ type gem
gem is /Users/beelleau/.rubies/truffleruby-24.1.1/bin/gem

beelleau@mac ~ 
 $ ruby -r openssl -e 'puts OpenSSL::Digest::SHA256.hexdigest("Hello, postmodern!")'
fbe19e4f1ba1856523a1a6703139f75facd00d2b4bd94eb1718463d536685d3f

beelleau@mac ~ 
 $ ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 3.4.0 22 Oct 2024

beelleau@mac ~/beehive 
 $ gem list openssl

*** LOCAL GEMS ***

openssl (default: 3.1.0)

Making a HTTPS request:

#!/usr/bin/env ruby

require 'net/https'

puts "Ruby engine: #{RUBY_ENGINE}"
puts "Ruby version: #{RUBY_VERSION}"
puts
puts OpenSSL::OPENSSL_VERSION
puts

uri = URI('https://www.google.com')
https = Net::HTTP.new(uri.host, uri.port)
https.use_ssl = true

request = Net::HTTP::Get.new(uri)
response = https.request(request)

if response.code == '200'
  puts 'HTTPS connection successful!'
  puts response.body[0...100]
else
  puts "Error connecting: #{response.code} #{response.message}"
end

running it:

beelleau@mac ~/beehive 
 $ ./test-https.rb 
Ruby engine: truffleruby
Ruby version: 3.2.4

OpenSSL 3.4.0 22 Oct 2024

HTTPS connection successful!
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content

beelleau · 2024-12-13T05:47:20Z

same thing as above but with truffleruby-graalvm

Installing & checking:

beelleau@mac ~ 
 $ ruby-install truffleruby-graalvm
>>> Updating truffleruby-graalvm versions ...
>>> Installing truffleruby-graalvm 24.1.1 into /Users/beelleau/.rubies/truffleruby-graalvm-24.1.1 ...
>>> Installing dependencies for truffleruby-graalvm 24.1.1 ...
Warning: openssl@3 3.4.0 is already installed and up-to-date.
To reinstall 3.4.0, run:
  brew reinstall openssl@3
Warning: libyaml 0.2.5 is already installed and up-to-date.
To reinstall 0.2.5, run:
  brew reinstall libyaml
>>> Downloading https://github.com/oracle/truffleruby/releases/download/graal-24.1.1/truffleruby-jvm-24.1.1-macos-aarch64.tar.gz into /Users/beelleau/src ...
>>> Verifying truffleruby-jvm-24.1.1-macos-aarch64.tar.gz ...
>>> Extracting truffleruby-jvm-24.1.1-macos-aarch64.tar.gz to /Users/beelleau/src/truffleruby-24.1.1-macos-aarch64 ...
>>> Installing TruffleRuby GraalVM 24.1.1 ...
>>> Running truffleruby post-install hook ...
Recompiling the OpenSSL C extension (against the installed libssl)
checking for rb_io_maybe_wait(0, Qnil, Qnil, Qnil) in ruby/io.h... yes
checking for t_open() in -lnsl... no
checking for socket() in -lsocket... no
checking for openssl/ssl.h... yes
checking for CRYPTO_malloc() in -lcrypto... yes
checking for SSL_new() in -lssl... yes
checking for LIBRESSL_VERSION_NUMBER in openssl/opensslv.h... no
checking for OpenSSL version >= 1.0.2... yes
checking for RAND_egd() in openssl/rand.h... no
checking for ENGINE_load_dynamic() in openssl/engine.h... yes
checking for ENGINE_load_4758cca() in openssl/engine.h... no
checking for ENGINE_load_aep() in openssl/engine.h... no
checking for ENGINE_load_atalla() in openssl/engine.h... no
checking for ENGINE_load_chil() in openssl/engine.h... no
checking for ENGINE_load_cswift() in openssl/engine.h... no
checking for ENGINE_load_nuron() in openssl/engine.h... no
checking for ENGINE_load_sureware() in openssl/engine.h... no
checking for ENGINE_load_ubsec() in openssl/engine.h... no
checking for ENGINE_load_padlock() in openssl/engine.h... no
checking for ENGINE_load_capi() in openssl/engine.h... no
checking for ENGINE_load_gmp() in openssl/engine.h... no
checking for ENGINE_load_gost() in openssl/engine.h... no
checking for ENGINE_load_cryptodev() in openssl/engine.h... yes
checking for SSL.ctx in openssl/ssl.h... no
checking for EVP_MD_CTX_new() in openssl/evp.h... yes
checking for EVP_MD_CTX_free(NULL) in openssl/evp.h... yes
checking for EVP_MD_CTX_pkey_ctx(NULL) in openssl/evp.h... yes
checking for X509_STORE_get_ex_data(NULL, 0) in openssl/x509.h... yes
checking for X509_STORE_set_ex_data(NULL, 0, NULL) in openssl/x509.h... yes
checking for X509_STORE_get_ex_new_index(0, NULL, NULL, NULL, NULL) in openssl/x509.h... yes
checking for X509_CRL_get0_signature(NULL, NULL, NULL) in openssl/x509.h... yes
checking for X509_REQ_get0_signature(NULL, NULL, NULL) in openssl/x509.h... yes
checking for X509_REVOKED_get0_serialNumber(NULL) in openssl/x509.h... yes
checking for X509_REVOKED_get0_revocationDate(NULL) in openssl/x509.h... yes
checking for X509_get0_tbs_sigalg(NULL) in openssl/x509.h... yes
checking for X509_STORE_CTX_get0_untrusted(NULL) in openssl/x509.h... yes
checking for X509_STORE_CTX_get0_cert(NULL) in openssl/x509.h... yes
checking for X509_STORE_CTX_get0_chain(NULL) in openssl/x509.h... yes
checking for OCSP_SINGLERESP_get0_id(NULL) in openssl/ocsp.h... yes
checking for SSL_CTX_get_ciphers(NULL) in openssl/ssl.h... yes
checking for X509_up_ref(NULL) in openssl/x509.h... yes
checking for X509_CRL_up_ref(NULL) in openssl/x509.h... yes
checking for X509_STORE_up_ref(NULL) in openssl/x509.h... yes
checking for SSL_SESSION_up_ref(NULL) in openssl/ssl.h... yes
checking for EVP_PKEY_up_ref(NULL) in openssl/evp.h... yes
checking for SSL_CTX_set_min_proto_version(NULL, 0) in openssl/ssl.h... yes
checking for SSL_CTX_get_security_level(NULL) in openssl/ssl.h... yes
checking for X509_get0_notBefore(NULL) in openssl/x509.h... yes
checking for SSL_SESSION_get_protocol_version(NULL) in openssl/ssl.h... yes
checking for TS_STATUS_INFO_get0_status(NULL) in openssl/ts.h... yes
checking for TS_STATUS_INFO_get0_text(NULL) in openssl/ts.h... yes
checking for TS_STATUS_INFO_get0_failure_info(NULL) in openssl/ts.h... yes
checking for TS_VERIFY_CTS_set_certs(NULL, NULL) in openssl/ts.h... yes
checking for TS_VERIFY_CTX_set_store(NULL, NULL) in openssl/ts.h... yes
checking for TS_VERIFY_CTX_add_flags(NULL, 0) in openssl/ts.h... yes
checking for TS_RESP_CTX_set_time_cb(NULL, NULL, NULL) in openssl/ts.h... yes
checking for EVP_PBE_scrypt("", 0, (unsigned char *)"", 0, 0, 0, 0, 0, NULL, 0) in openssl/evp.h... yes
checking for SSL_CTX_set_post_handshake_auth(NULL, 0) in openssl/ssl.h... yes
checking for EVP_PKEY_check(NULL) in openssl/evp.h... yes
checking for EVP_PKEY_new_raw_private_key(0, NULL, (unsigned char *)"", 0) in openssl/evp.h... yes
checking for SSL_CTX_set_ciphersuites(NULL, "") in openssl/ssl.h... yes
checking for SSL_set0_tmp_dh_pkey(NULL, NULL) in openssl/ssl.h... yes
checking for ERR_get_error_all(NULL, NULL, NULL, NULL, NULL) in openssl/err.h... yes
checking for TS_VERIFY_CTX_set_certs(NULL, NULL) in openssl/ts.h... yes
checking for SSL_CTX_load_verify_file(NULL, "") in openssl/ssl.h... yes
checking for BN_check_prime(NULL, NULL, NULL) in openssl/bn.h... yes
checking for EVP_MD_CTX_get0_md(NULL) in openssl/evp.h... yes
checking for EVP_MD_CTX_get_pkey_ctx(NULL) in openssl/evp.h... yes
checking for EVP_PKEY_eq(NULL, NULL) in openssl/evp.h... yes
checking for EVP_PKEY_dup(NULL) in openssl/evp.h... yes
creating extconf.h
creating Makefile
compiling openssl_missing.c
compiling ossl.c
compiling ossl_asn1.c
compiling ossl_bio.c
compiling ossl_bn.c
compiling ossl_cipher.c
compiling ossl_config.c
compiling ossl_digest.c
compiling ossl_engine.c
compiling ossl_hmac.c
compiling ossl_kdf.c
compiling ossl_ns_spki.c
compiling ossl_ocsp.c
compiling ossl_pkcs12.c
compiling ossl_pkcs7.c
compiling ossl_pkey.c
compiling ossl_pkey_dh.c
compiling ossl_pkey_dsa.c
compiling ossl_pkey_ec.c
compiling ossl_pkey_rsa.c
compiling ossl_rand.c
compiling ossl_ssl.c
compiling ossl_ssl_session.c
compiling ossl_ts.c
compiling ossl_x509.c
compiling ossl_x509attr.c
compiling ossl_x509cert.c
compiling ossl_x509crl.c
compiling ossl_x509ext.c
compiling ossl_x509name.c
compiling ossl_x509req.c
compiling ossl_x509revoked.c
compiling ossl_x509store.c
linking shared-object openssl.bundle

Recompiling the Psych C extension (against the installed libyaml)
checking for yaml.h... yes
checking for yaml_get_version() in -lyaml... yes
creating Makefile
compiling psych.c
compiling psych_emitter.c
compiling psych_parser.c
compiling psych_to_ruby.c
compiling psych_yaml_tree.c
linking shared-object psych.bundle

TruffleRuby was successfully installed in /Users/beelleau/.rubies/truffleruby-graalvm-24.1.1
>>> Successfully installed truffleruby-graalvm 24.1.1 into /Users/beelleau/.rubies/truffleruby-graalvm-24.1.1

[edited .ruby-version file and started a new session]

beelleau@mac ~ 
 $ type -P ruby
/Users/beelleau/.rubies/truffleruby-graalvm-24.1.1/bin/ruby

beelleau@mac ~ 
 $ type gem
gem is /Users/beelleau/.rubies/truffleruby-graalvm-24.1.1/bin/gem

beelleau@mac ~ 
 $ ruby -r openssl -e 'puts OpenSSL::Digest::SHA256.hexdigest("Hello, postmodern!")'
fbe19e4f1ba1856523a1a6703139f75facd00d2b4bd94eb1718463d536685d3f

beelleau@mac ~ 
 $ ruby -r openssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 3.4.0 22 Oct 2024

beelleau@mac ~ 
 $ gem list openssl

*** LOCAL GEMS ***

openssl (default: 3.1.0)

Making a HTTPS request (same code as before):

beelleau@mac ~ 
 $ cd beehive/
beelleau@mac ~/beehive 
 $ ./test-https.rb 
Ruby engine: truffleruby
Ruby version: 3.2.4

OpenSSL 3.4.0 22 Oct 2024

HTTPS connection successful!
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content

updated brew truffleruby openssl dependency @1.1 -> @3

7b64062

beelleau mentioned this pull request Dec 12, 2024

TruffleRuby[GraalVM] - homebrew openssl dependency upgrade to v3 #490

Closed

postmodern added needs info truffleruby truffleruby+graalvm dependencies openssl labels Dec 12, 2024

postmodern assigned beelleau Dec 12, 2024

postmodern approved these changes Dec 13, 2024

View reviewed changes

postmodern merged commit dcf95df into postmodern:master Dec 13, 2024
0 of 2 checks passed

beelleau deleted the truffleruby_use_openssl3 branch December 13, 2024 08:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

updated brew truffleruby openssl dependency @1.1 -> @3 #491

updated brew truffleruby openssl dependency @1.1 -> @3 #491

beelleau commented Dec 12, 2024

postmodern commented Dec 12, 2024

beelleau commented Dec 13, 2024

beelleau commented Dec 13, 2024

updated brew truffleruby openssl dependency @1.1 -> @3 #491

updated brew truffleruby openssl dependency @1.1 -> @3 #491

Conversation

beelleau commented Dec 12, 2024

postmodern commented Dec 12, 2024

beelleau commented Dec 13, 2024

beelleau commented Dec 13, 2024