You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently install openssl1.1.1 for ("$TESTS" == "integration" || "$TESTS" == "integrationv2" || "$TESTS" == "ALL" ), regardless of which libcrypto we were hoping to test with. This helps with CI build times.
However since the dynamic linker eagerly links against other libcrypto this can lead to issues where we are linking and testing with the incorrect libcrypto.
Solution:
Do a runtime check to make sure we are running with the correct libcrypto. Improve libcrypto checks #3272 (Recommended A runtime check for the correct libcrypto should be sufficient to enforce we are building linking against the correct libcrypto)
Only install one libcrypto when testing. However this can be difficult since the OS ships with a libcrypto by default. (This is really difficult and will probably break many other dependencies so its not really feasible)
Requirements / Acceptance Criteria:
Make sure its not possible to link against other libcrypto than the intended one
Dont sacrifice CI build times if possible
Is there anything the solution will intentionally NOT address?
Problem:
We currently install openssl1.1.1 for
("$TESTS" == "integration" || "$TESTS" == "integrationv2" || "$TESTS" == "ALL" ), regardless of which libcrypto we were hoping to test with. This helps with CI build times.https://github.com/aws/s2n-tls/blob/main/codebuild/bin/install_default_dependencies.sh#L33
However since the dynamic linker eagerly links against other libcrypto this can lead to issues where we are linking and testing with the incorrect libcrypto.
Solution:
Requirements / Acceptance Criteria:
Is there anything the solution will intentionally NOT address?