This is an automated email from the ASF dual-hosted git repository.
monkeydluffy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 538b964c3 feat: support openssl3 (#10724)
538b964c3 is described below
commit 538b964c3bb5a60d8b6016aa0b552439c6307f1b
Author: AlinsRan <[email protected]>
AuthorDate: Thu Dec 28 15:14:48 2023 +0800
feat: support openssl3 (#10724)
---
.github/workflows/cli-master.yml | 5 -----
.github/workflows/code-lint.yml | 4 ++--
.github/workflows/fips.yml | 34 +++-------------------------------
.requirements | 2 +-
Makefile | 12 ++++++------
apisix-master-0.rockspec | 2 +-
ci/centos7-ci.sh | 17 +++++++++++------
ci/common.sh | 3 ++-
ci/linux-install-openresty.sh | 40 ++++++++--------------------------------
ci/redhat-ci.sh | 18 +++++++++++-------
t/APISIX.pm | 2 +-
t/cli/test_upstream_mtls.sh | 4 ++--
t/node/ssl-protocols.t | 20 ++++++++++----------
utils/linux-install-luarocks.sh | 8 ++++----
14 files changed, 62 insertions(+), 109 deletions(-)
diff --git a/.github/workflows/cli-master.yml b/.github/workflows/cli-master.yml
index 95eec2d9b..b65141ed6 100644
--- a/.github/workflows/cli-master.yml
+++ b/.github/workflows/cli-master.yml
@@ -6,11 +6,6 @@ on:
paths-ignore:
- 'docs/**'
- '**/*.md'
- pull_request:
- branches: [master]
- paths-ignore:
- - 'docs/**'
- - '**/*.md'
concurrency:
group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/master' &&
github.run_number || github.ref }}
diff --git a/.github/workflows/code-lint.yml b/.github/workflows/code-lint.yml
index 9e2befc9a..0fdbf289f 100644
--- a/.github/workflows/code-lint.yml
+++ b/.github/workflows/code-lint.yml
@@ -22,9 +22,9 @@ jobs:
export_or_prefix
export OPENRESTY_VERSION=default
- ./ci/linux-install-openresty.sh
+ sudo -E ./ci/linux-install-openresty.sh
./utils/linux-install-luarocks.sh
- sudo luarocks install luacheck
+ sudo -E luarocks install luacheck
- name: Script
run: |
diff --git a/.github/workflows/fips.yml b/.github/workflows/fips.yml
index 192a9c983..162daf88d 100644
--- a/.github/workflows/fips.yml
+++ b/.github/workflows/fips.yml
@@ -39,6 +39,7 @@ jobs:
env:
SERVER_NAME: ${{ matrix.os_name }}
OPENRESTY_VERSION: default
+ ENABLE_FIPS: true
steps:
- name: Check out code
@@ -54,28 +55,6 @@ jobs:
path: deps
key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name
}}-${{ hashFiles('apisix-master-0.rockspec') }}
- - name: Cache openssl-3.0 compilation
- id: cache-openssl
- uses: actions/cache@v3
- env:
- cache-name: cache-openssl
- with:
- path: ~/openssl-3.0
- key: ${{ runner.os }}-${{ env.cache-name }}-${{ matrix.os_name }}
-
- - name: set openssl prefix
- id: set_openssl_prefix
- shell: bash
- run: |
- echo "openssl3_prefix=$HOME" >>$GITHUB_OUTPUT
-
- - name: Toggle openssl compile
- id: test_ssl_env
- shell: bash
- if: steps.cache-openssl.outputs.cache-hit != 'true'
- run: |
- echo "openssl3=yes" >>$GITHUB_OUTPUT
-
- name: Extract test type
shell: bash
id: test_env
@@ -139,16 +118,9 @@ jobs:
run: sudo ./ci/${{ matrix.os_name }}_runner.sh before_install
- name: Linux Install
- env:
- COMPILE_OPENSSL3: ${{ steps.test_ssl_env.outputs.openssl3 }}
- OPENSSL3_PREFIX: ${{
steps.set_openssl_prefix.outputs.openssl3_prefix }}
- USE_OPENSSL3: yes
run: |
- sudo --preserve-env=OPENRESTY_VERSION \
- --preserve-env=COMPILE_OPENSSL3 \
- --preserve-env=OPENSSL3_PREFIX \
- --preserve-env=USE_OPENSSL3 \
- ./ci/${{ matrix.os_name }}_runner.sh do_install
+ sudo --preserve-env=ENABLE_FIPS \
+ ./ci/${{ matrix.os_name }}_runner.sh do_install
- name: Linux Script
env:
diff --git a/.requirements b/.requirements
index 4961133ca..978772db5 100644
--- a/.requirements
+++ b/.requirements
@@ -17,4 +17,4 @@
APISIX_PACKAGE_NAME=apisix
-APISIX_RUNTIME=1.0.2
+APISIX_RUNTIME=1.1.0
diff --git a/Makefile b/Makefile
index 31da5ba5c..e297f9014 100644
--- a/Makefile
+++ b/Makefile
@@ -40,7 +40,7 @@ ENV_DOCKER ?= docker
ENV_DOCKER_COMPOSE ?= docker-compose --project-directory $(CURDIR) -p
$(project_name) -f $(project_compose_ci)
ENV_NGINX ?= $(ENV_NGINX_EXEC) -p $(CURDIR) -c
$(CURDIR)/conf/nginx.conf
ENV_NGINX_EXEC := $(shell command -v openresty 2>/dev/null || command
-v nginx 2>/dev/null)
-ENV_OPENSSL_PREFIX ?= $(addprefix $(ENV_NGINX_PREFIX), openssl)
+ENV_OPENSSL_PREFIX ?= $(addprefix $(ENV_NGINX_PREFIX), openssl3)
ENV_LUAROCKS ?= luarocks
## These variables can be injected by luarocks
ENV_INST_PREFIX ?= /usr
@@ -59,9 +59,9 @@ endif
# Execute only in the presence of ENV_NGINX_EXEC to avoid unexpected error
output
ifneq ($(ENV_NGINX_EXEC), )
ENV_NGINX_PREFIX := $(shell $(ENV_NGINX_EXEC) -V 2>&1 | grep -Eo
'prefix=(.*)/nginx\s+' | grep -Eo '/.*/')
- # OpenResty 1.17.8 or higher version uses openssl111 as the openssl
dirname.
- ifeq ($(shell test -d $(addprefix $(ENV_NGINX_PREFIX), openssl111) &&
echo -n yes), yes)
- ENV_OPENSSL_PREFIX := $(addprefix $(ENV_NGINX_PREFIX),
openssl111)
+ # OpenResty 1.17.8 or higher version uses openssl3 as the openssl
dirname.
+ ifeq ($(shell test -d $(addprefix $(ENV_NGINX_PREFIX), openssl3) &&
echo -n yes), yes)
+ ENV_OPENSSL_PREFIX := $(addprefix $(ENV_NGINX_PREFIX), openssl3)
endif
endif
@@ -80,8 +80,8 @@ ifeq ($(ENV_OS_NAME), darwin)
ifeq ($(shell test -d $(ENV_HOMEBREW_PREFIX)/opt/openresty-openssl &&
echo -n yes), yes)
ENV_OPENSSL_PREFIX :=
$(ENV_HOMEBREW_PREFIX)/opt/openresty-openssl
endif
- ifeq ($(shell test -d $(ENV_HOMEBREW_PREFIX)/opt/openresty-openssl111
&& echo -n yes), yes)
- ENV_OPENSSL_PREFIX :=
$(ENV_HOMEBREW_PREFIX)/opt/openresty-openssl111
+ ifeq ($(shell test -d $(ENV_HOMEBREW_PREFIX)/opt/openresty-openssl3 &&
echo -n yes), yes)
+ ENV_OPENSSL_PREFIX :=
$(ENV_HOMEBREW_PREFIX)/opt/openresty-openssl3
endif
ifeq ($(shell test -d $(ENV_HOMEBREW_PREFIX)/opt/pcre && echo -n yes),
yes)
ENV_PCRE_PREFIX := $(ENV_HOMEBREW_PREFIX)/opt/pcre
diff --git a/apisix-master-0.rockspec b/apisix-master-0.rockspec
index b65d7a765..7ee912a22 100644
--- a/apisix-master-0.rockspec
+++ b/apisix-master-0.rockspec
@@ -65,7 +65,7 @@ dependencies = {
"graphql = 0.0.2",
"argparse = 0.7.1-1",
"luasocket = 3.1.0-1",
- "luasec = 0.9-1",
+ "luasec = 1.3.2-1",
"lua-resty-consul = 0.3-2",
"penlight = 1.13.1",
"ext-plugin-proto = 0.6.1",
diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh
index d89ce763c..f9961f758 100755
--- a/ci/centos7-ci.sh
+++ b/ci/centos7-ci.sh
@@ -23,9 +23,12 @@ install_dependencies() {
export_or_prefix
# install build & runtime deps
- yum install -y wget tar gcc automake autoconf libtool make unzip \
- git sudo openldap-devel which ca-certificates openssl-devel \
- epel-release
+ yum install -y wget tar gcc gcc-c++ automake autoconf libtool make unzip
patch \
+ git sudo openldap-devel which ca-certificates \
+ openresty-pcre-devel openresty-zlib-devel \
+ epel-release \
+ cpanminus perl \
+ openssl-devel
# install newer curl
yum makecache
@@ -40,12 +43,14 @@ install_dependencies() {
# install openresty to make apisix's rpm test work
yum install -y yum-utils && yum-config-manager --add-repo
https://openresty.org/package/centos/openresty.repo
+ export luajit_xcflags="-DLUAJIT_ASSERT -DLUAJIT_NUMMODE=2
-DLUAJIT_ENABLE_LUA52COMPAT -O0"
+ export debug_args=--with-debug
- wget
"https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime-debug-centos7.sh";
wget
"https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh";
- chmod +x build-apisix-runtime-debug-centos7.sh
chmod +x build-apisix-runtime.sh
- ./build-apisix-runtime-debug-centos7.sh
+ ./build-apisix-runtime.sh latest
+ curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
+
https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf
# patch lua-resty-events
sed -i 's/log(ERR, "event worker failed: ", perr)/log(ngx.WARN, "event
worker failed: ", perr)/' /usr/local/openresty/lualib/resty/events/worker.lua
diff --git a/ci/common.sh b/ci/common.sh
index 525118e1a..7609bcfd0 100644
--- a/ci/common.sh
+++ b/ci/common.sh
@@ -25,7 +25,8 @@ export_or_prefix() {
export OPENRESTY_PREFIX="/usr/local/openresty"
export
APISIX_MAIN="https://raw.githubusercontent.com/apache/apisix/master/apisix-master-0.rockspec";
export
PATH=$OPENRESTY_PREFIX/nginx/sbin:$OPENRESTY_PREFIX/luajit/bin:$OPENRESTY_PREFIX/bin:$PATH
- export OPENSSL111_BIN=$OPENRESTY_PREFIX/openssl111/bin/openssl
+ export OPENSSL_PREFIX=$OPENRESTY_PREFIX/openssl3
+ export OPENSSL_BIN=$OPENSSL_PREFIX/bin/openssl
}
create_lua_deps() {
diff --git a/ci/linux-install-openresty.sh b/ci/linux-install-openresty.sh
index 7d3ce17e6..bcb74a959 100755
--- a/ci/linux-install-openresty.sh
+++ b/ci/linux-install-openresty.sh
@@ -35,41 +35,12 @@ sudo add-apt-repository -y "deb
https://openresty.org/package/${arch_path}ubuntu
sudo add-apt-repository -y "deb
http://repos.apiseven.com/packages/${arch_path}debian bullseye main"
sudo apt-get update
-sudo apt-get install -y openresty-openssl111 openresty-openssl111-dev
libldap2-dev openresty-pcre openresty-zlib
+sudo apt-get install -y libldap2-dev openresty-pcre-dev openresty-zlib-dev
build-essential gcc g++ cpanminus
-COMPILE_OPENSSL3=${COMPILE_OPENSSL3-no}
-USE_OPENSSL3=${USE_OPENSSL3-no}
-OPENSSL3_PREFIX=${OPENSSL3_PREFIX-/home/runner}
SSL_LIB_VERSION=${SSL_LIB_VERSION-openssl}
+ENABLE_FIPS=${ENABLE_FIPS:-"false"}
if [ "$OPENRESTY_VERSION" == "source" ]; then
- export openssl_prefix=/usr/local/openresty/openssl111
- export zlib_prefix=/usr/local/openresty/zlib
- export pcre_prefix=/usr/local/openresty/pcre
-
- export cc_opt="-DNGX_LUA_ABORT_AT_PANIC -I${zlib_prefix}/include
-I${pcre_prefix}/include -I${openssl_prefix}/include"
- export ld_opt="-L${zlib_prefix}/lib -L${pcre_prefix}/lib
-L${openssl_prefix}/lib
-Wl,-rpath,${zlib_prefix}/lib:${pcre_prefix}/lib:${openssl_prefix}/lib"
-
- if [ "$COMPILE_OPENSSL3" == "yes" ]; then
- apt install -y build-essential
- git clone https://github.com/openssl/openssl
- cd openssl
- ./Configure --prefix=$OPENSSL3_PREFIX/openssl-3.0 enable-fips
- make install
- bash -c "echo $OPENSSL3_PREFIX/openssl-3.0/lib64 >
/etc/ld.so.conf.d/openssl3.conf"
- ldconfig
- $OPENSSL3_PREFIX/openssl-3.0/bin/openssl fipsinstall -out
$OPENSSL3_PREFIX/openssl-3.0/ssl/fipsmodule.cnf -module
$OPENSSL3_PREFIX/openssl-3.0/lib64/ossl-modules/fips.so
- sed -i 's@# .include [email protected]
'"$OPENSSL3_PREFIX"'/openssl-3.0/ssl/fipsmodule.cnf@g; s/# \(fips =
fips_sect\)/\1\nbase = base_sect\n\n[base_sect]\nactivate=1\n/g'
$OPENSSL3_PREFIX/openssl-3.0/ssl/openssl.cnf
- cd ..
- fi
-
- if [ "$USE_OPENSSL3" == "yes" ]; then
- bash -c "echo $OPENSSL3_PREFIX/openssl-3.0/lib64 >
/etc/ld.so.conf.d/openssl3.conf"
- ldconfig
- export cc_opt="-I$OPENSSL3_PREFIX/openssl-3.0/include"
- export ld_opt="-L$OPENSSL3_PREFIX/openssl-3.0/lib64
-Wl,-rpath,$OPENSSL3_PREFIX/openssl-3.0/lib64"
- fi
-
if [ "$SSL_LIB_VERSION" == "tongsuo" ]; then
export openssl_prefix=/usr/local/tongsuo
export zlib_prefix=$OPENRESTY_PREFIX/zlib
@@ -84,5 +55,10 @@ wget
"https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/$
chmod +x build-apisix-runtime.sh
./build-apisix-runtime.sh latest
+if [ ! "$ENABLE_FIPS" == "true" ]; then
+curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
+
https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf
+fi
+
# patch lua-resty-events
-sudo sed -i 's/log(ERR, "event worker failed: ", perr)/log(ngx.WARN, "event
worker failed: ", perr)/' /usr/local/openresty/lualib/resty/events/worker.lua
+sed -i 's/log(ERR, "event worker failed: ", perr)/log(ngx.WARN, "event worker
failed: ", perr)/' /usr/local/openresty/lualib/resty/events/worker.lua
diff --git a/ci/redhat-ci.sh b/ci/redhat-ci.sh
index 035fe40f4..97a0fe45b 100755
--- a/ci/redhat-ci.sh
+++ b/ci/redhat-ci.sh
@@ -23,8 +23,11 @@ install_dependencies() {
# install build & runtime deps
yum install -y --disablerepo=* --enablerepo=ubi-8-appstream-rpms
--enablerepo=ubi-8-baseos-rpms \
- wget tar gcc automake autoconf libtool make unzip git sudo openldap-devel
hostname \
- which ca-certificates openssl-devel
+ wget tar gcc gcc-c++ automake autoconf libtool make unzip git sudo
openldap-devel hostname patch \
+ which ca-certificates pcre pcre-devel xz \
+ openssl-devel
+
+ yum install -y --disablerepo=* --enablerepo=ubi-8-appstream-rpms
--enablerepo=ubi-8-baseos-rpms cpanminus perl
# install newer curl
yum makecache
@@ -34,14 +37,16 @@ install_dependencies() {
# install apisix-runtime to make apisix's rpm test work
yum install -y yum-utils && yum-config-manager --add-repo
https://openresty.org/package/centos/openresty.repo
rpm --import https://repos.apiseven.com/KEYS
- yum install -y openresty-openssl111 openresty-openssl111-devel pcre pcre
pcre-devel xz
yum -y install
https://repos.apiseven.com/packages/centos/apache-apisix-repo-1.0-1.noarch.rpm
- wget
"https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime-debug-centos7.sh";
+ export luajit_xcflags="-DLUAJIT_ASSERT -DLUAJIT_NUMMODE=2
-DLUAJIT_ENABLE_LUA52COMPAT -O0"
+ export debug_args=--with-debug
+
wget
"https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh";
chmod +x build-apisix-runtime.sh
- chmod +x build-apisix-runtime-debug-centos7.sh
- ./build-apisix-runtime-debug-centos7.sh
+ ./build-apisix-runtime.sh latest
+ curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \
+
https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf
# patch lua-resty-events
sed -i 's/log(ERR, "event worker failed: ", perr)/log(ngx.WARN, "event
worker failed: ", perr)/' /usr/local/openresty/lualib/resty/events/worker.lua
@@ -60,7 +65,6 @@ install_dependencies() {
install_brotli
# install test::nginx
- yum install -y --disablerepo=* --enablerepo=ubi-8-appstream-rpms
--enablerepo=ubi-8-baseos-rpms cpanminus perl
cpanm --notest Test::Nginx IPC::Run > build.log 2>&1 || (cat build.log &&
exit 1)
# add go1.15 binary to the path
diff --git a/t/APISIX.pm b/t/APISIX.pm
index 630ac6311..161c40feb 100644
--- a/t/APISIX.pm
+++ b/t/APISIX.pm
@@ -262,7 +262,7 @@ env ENABLE_ETCD_AUTH;
env APISIX_PROFILE;
env PATH; # for searching external plugin runner's binary
env TEST_NGINX_HTML_DIR;
-env OPENSSL111_BIN;
+env OPENSSL_BIN;
_EOC_
diff --git a/t/cli/test_upstream_mtls.sh b/t/cli/test_upstream_mtls.sh
index b2e437fff..1245a01ef 100755
--- a/t/cli/test_upstream_mtls.sh
+++ b/t/cli/test_upstream_mtls.sh
@@ -141,8 +141,8 @@ sleep 0.1
make stop
-if ! grep -E 'self signed certificate' logs/error.log; then
- echo "failed: should got 'self signed certificate' when
ssl_trusted_certificate is wrong ca cert"
+if ! grep -E 'self-signed certificate' logs/error.log; then
+ echo "failed: should got 'self-signed certificate' when
ssl_trusted_certificate is wrong ca cert"
exit 1
fi
diff --git a/t/node/ssl-protocols.t b/t/node/ssl-protocols.t
index 76fba7ff0..2dcc02b53 100644
--- a/t/node/ssl-protocols.t
+++ b/t/node/ssl-protocols.t
@@ -21,11 +21,11 @@ log_level('info');
no_root_location();
no_shuffle();
-my $openssl_bin = $ENV{OPENSSL111_BIN};
+my $openssl_bin = $ENV{OPENSSL_BIN};
if (! -x $openssl_bin) {
- $ENV{OPENSSL111_BIN} = '/usr/local/openresty/openssl111/bin/openssl';
- if (! -x $ENV{OPENSSL111_BIN}) {
- plan(skip_all => "openssl111 not installed");
+ $ENV{OPENSSL_BIN} = '/usr/local/openresty/openssl3/bin/openssl';
+ if (! -x $ENV{OPENSSL_BIN}) {
+ plan(skip_all => "openssl3 not installed");
}
}
@@ -128,7 +128,7 @@ passed
=== TEST 3: Successfully, access test.com with TLSv1.3
--- exec
-echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_3 2>&1 | cat
+echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/Server certificate/
@@ -144,7 +144,7 @@ qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello
world/
=== TEST 5: Successfully, access test.com with TLSv1.1
--- exec
-echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_1 2>&1 | cat
+echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_1 2>&1 | cat
--- response_body eval
qr/Server certificate/
@@ -219,7 +219,7 @@ GET /t
=== TEST 8: Successfully, access test.com with TLSv1.3
--- exec
-echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_3 2>&1 | cat
+echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/Server certificate/
@@ -235,7 +235,7 @@ qr/TLSv1\.2 \(IN\), TLS handshake, Server hello(?s).*hello
world/
=== TEST 10: Successfully, access test2.com with TLSv1.3
--- exec
-echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername
test2.com -tls1_3 2>&1 | cat
+echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername
test2.com -tls1_3 2>&1 | cat
--- response_body eval
qr/Server certificate/
@@ -285,7 +285,7 @@ passed
=== TEST 13: Successfully, access test.com with TLSv1.1
--- exec
-echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_1 2>&1 | cat
+echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_1 2>&1 | cat
--- response_body eval
qr/Server certificate/
@@ -293,6 +293,6 @@ qr/Server certificate/
=== TEST 14: Failed, access test.com with TLSv1.3
--- exec
-echo -n "Q" | $OPENSSL111_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_3 2>&1 | cat
+echo -n "Q" | $OPENSSL_BIN s_client -connect 127.0.0.1:1994 -servername
test.com -tls1_3 2>&1 | cat
--- response_body eval
qr/tlsv1 alert/
diff --git a/utils/linux-install-luarocks.sh b/utils/linux-install-luarocks.sh
index b17a28076..ce023b7c9 100755
--- a/utils/linux-install-luarocks.sh
+++ b/utils/linux-install-luarocks.sh
@@ -47,10 +47,10 @@ rm -rf luarocks-"$LUAROCKS_VER"
mkdir ~/.luarocks || true
-# OpenResty 1.17.8 or higher version uses openssl111 as the openssl dirname.
-OPENSSL_PREFIX=${OPENRESTY_PREFIX}/openssl
-if [ -d ${OPENRESTY_PREFIX}/openssl111 ]; then
- OPENSSL_PREFIX=${OPENRESTY_PREFIX}/openssl111
+OPENSSL_PREFIX=${OPENRESTY_PREFIX}/openssl3
+if [ ! -d ${OPENSSL_PREFIX} ]; then
+ echo "Error: ${OPENSSL_PREFIX} not found, please install openssl3 first."
+ exit 1
fi
FOUND_PATH=$(echo "${PATH}" | grep -oP '(?<=:|)/usr/local/bin(?=:|)') || true
