Merging PR 4, github workflow on linux

Add a workflow testing mod_tls with rustls-ffi v0.14.1 and the
main branch. Use crypt provider ring only, until we get the
aws-lc-rs provider also working here.

Adjusted test code to work with apache2 on ubuntu-latest.

.github/workflows/linux.yml

@@ -0,0 +1,129 @@
+# Copyright 2025 Stefan Eissing (https://dev-icing.de)
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+name: Linux
+
+'on':
+  push:
+    branches:
+      - master
+      - '*/ci'
+    paths-ignore:
+      - '**/*.md'
+  pull_request:
+    branches:
+      - master
+    paths-ignore:
+      - '**/*.md'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+permissions: {}
+
+env:
+  MARGS: "-j5"
+  CFLAGS: "-g"
+
+jobs:
+  linux:
+    name: ${{ matrix.build.name }} (rustls-ffi ${{matrix.rustls-version}} ${{ matrix.crypto }} ${{matrix.rust}})
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        rust:
+          - stable
+          - nightly
+        crypto:
+          - ring
+          # aws-lc-sys v0.21.1 is not building due to compiler warnings
+          # - aws-lc-rs
+        rustls-version:
+          - v0.14.1
+          - main
+        build:
+          - name: mod_tls
+            install_packages:
+
+    steps:
+      - name: 'install prereqs'
+        run: |
+          sudo apt-get update -y
+          sudo apt-get install -y --no-install-suggests --no-install-recommends \
+            libtool autoconf automake pkgconf cmake apache2 apache2-dev openssl \
+            curl nghttp2-client libssl-dev \
+            ${{ matrix.build.install_packages }}
+          python3 -m venv $HOME/venv
+
+      - uses: actions/checkout@v4
+
+      - name: Install ${{ matrix.rust }} toolchain
+        uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ matrix.rust }}
+
+      - name: 'checkout rustls-ffi'
+        run: |
+          cd $HOME/
+          git clone --quiet --depth=1 -b ${{ matrix.rustls-version }} --recursive https://github.com/rustls/rustls-ffi.git
+
+      - name: 'build rustls-ffi (Makefile)'
+        if: matrix.rustls-version != 'main'
+        run: |
+          cd $HOME/rustls-ffi
+          make DESTDIR=$HOME/rustls-ffi/build/rust CRYPTO_PROVIDER=${{ matrix.crypto }} install
+
+      - name: Install cargo-c
+        if: matrix.rustls-version == 'main'
+        env:
+          # Version picked for MSRV compat.
+          LINK: https://github.com/lu-zero/cargo-c/releases/latest/download/
+          CARGO_C_FILE: cargo-c-x86_64-unknown-linux-musl.tar.gz
+        run: |
+          curl -L $LINK/$CARGO_C_FILE | tar xz -C ~/.cargo/bin
+
+      - name: 'build rustls-ffi (cmake)'
+        if: matrix.rustls-version == 'main'
+        run: |
+          cd $HOME/rustls-ffi
+          cmake \
+            -DCRYPTO_PROVIDER=${{matrix.crypto}} \
+            -DDYN_LINK=on \
+            -DCMAKE_BUILD_TYPE=Release \
+            -S librustls -B build
+          cmake --build build --config "Release"
+
+      - name: 'install test prereqs'
+        run: |
+          [ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate
+          python3 -m pip install -r test/requirements.txt
+
+      - name: 'configure'
+        run: |
+          autoreconf -fi
+          ./configure --enable-werror --with-rustls=$HOME/rustls-ffi/build/rust
+
+      - name: 'build'
+        run: make V=1
+
+      - name: pytest
+        env:
+          PYTEST_ADDOPTS: "--color=yes"
+        run: |
+          [ -x "$HOME/venv/bin/activate" ] && source $HOME/venv/bin/activate
+          pytest -v

configure.ac

@@ -181,24 +181,43 @@ CPPFLAGS="-I$($APXS -q includedir) -I$($APXS -q APR_INCLUDEDIR) $($APXS -q EXTRA
 HTTPD_VERSION="$($APXS -q HTTPD_VERSION)"
 AC_SUBST(HTTPD_VERSION)
 
-APACHECTL="$sbindir/apachectl"
-if test ! -x "$APACHECTL"; then
-    # rogue distros rename things! =)
-    APACHECTL="$sbindir/apache2ctl"
+HTTPD="$sbindir/httpd"
+if test -x "$HTTPD"; then
+  :  # all fine
+else
+  HTTPD="$sbindir/apache2"
+  if test -x "$HTTPD"; then
+    :  # all fine
+  else
+    HTTPD=""
+    AC_PATH_PROG([HTTPD], [httpd])
+    if test -x "$HTTPD"; then
+      :  # ok
+    else
+      HTTPD=""
+      AC_PATH_PROG([HTTPD], [apache2])
+      if test -x "$HTTPD"; then
+        :  # ok
+      else
+        AC_MSG_ERROR([httpd/apache2 not in PATH])
+      fi
+    fi
+  fi
 fi
-AC_SUBST(APACHECTL)
 
-if test -x "$APACHECTL"; then
-    DSO_MODULES="$($APACHECTL -t -D DUMP_MODULES | fgrep '(shared)'| sed 's/_module.*//g'|tr -d \\n)"
+if test -x "$HTTPD"; then
+    DSO_MODULES="$($HTTPD -t -D DUMP_MODULES | fgrep '(shared)'| sed 's/_module.*//g'|tr -d \\n)"
     AC_SUBST(DSO_MODULES)
-    STATIC_MODULES="$($APACHECTL -t -D DUMP_MODULES | fgrep '(static)'| sed 's/_module.*//g'|tr -d \\n)"
+    STATIC_MODULES="$($HTTPD -t -D DUMP_MODULES | fgrep '(static)'| sed 's/_module.*//g'|tr -d \\n)"
     AC_SUBST(STATIC_MODULES)
     MPM_MODULES="mpm_event mpm_worker"
     AC_SUBST(MPM_MODULES)
 else
-    AC_MSG_WARN("apachectl not found in '$BINDIR', test suite will not work!")
-    APACHECTL=""
+    AC_MSG_WARN("httpd/apache2 not found, test suite will not work!")
+    HTTPD=""
 fi
+AC_SUBST(HTTPD)
+
 AC_SUBST(LOAD_LOG_CONFIG)
 AC_SUBST(LOAD_LOGIO)
 AC_SUBST(LOAD_UNIXD)
@@ -208,18 +227,18 @@ AC_SUBST(LOAD_WATCHDOG)
 export BUILD_SUBDIRS="src"
 
 if test x"$request_rustls" != "xcheck"; then
-    LDFLAGS="$LDFLAGS -L$request_rustls/lib";
+    LDFLAGS="$LDFLAGS -L$request_rustls/lib -Wl,-rpath,$request_rustls/lib";
     CFLAGS="$CFLAGS -I$request_rustls/include";
     CPPFLAGS="$CPPFLAGS -I$request_rustls/include";
 fi
 
 # Need some additional things for rustls linkage. This seems platform specific.
 if test $(uname) = "Darwin"; then
-    CRUSTLS_LDFLAGS="-Wl,-dead_strip -framework Security -framework Foundation"
+    RUSTLS_LDFLAGS="-Wl,-dead_strip -framework Security -framework Foundation"
 else
-    CRUSTLS_LDFLAGS="-Wl,--gc-sections -lpthread -ldl"
+    RUSTLS_LDFLAGS="-Wl,--gc-sections -lpthread -ldl"
 fi
-LDFLAGS="$LDFLAGS $CRUSTLS_LDFLAGS"
+LDFLAGS="$LDFLAGS $RUSTLS_LDFLAGS"
 
 # verify that we can link rustls now
 # commented: problem running on debian
@@ -296,6 +315,7 @@ AC_MSG_NOTICE([summary of build options:
     Install prefix: ${prefix}
     APXS:           ${APXS}
     HTTPD-VERSION:  ${HTTPD_VERSION}
+    HTTPD:          ${HTTPD}
     C compiler:     ${CC} ${COMPILER_VERSION}
     CFLAGS:         ${CFLAGS}
     WARNCFLAGS:     ${WERROR_CFLAGS}

test/modules/tls/conftest.py

@@ -8,9 +8,8 @@
 from .env import TlsTestEnv
 
 
-def pytest_report_header(config, startdir):
+def pytest_report_header(config):
     _x = config
-    _x = startdir
     env = TlsTestEnv()
     return "mod_tls [apache: {aversion}({prefix})]".format(
         prefix=env.prefix,

test/modules/tls/env.py

@@ -20,16 +20,8 @@ def __init__(self, env: 'HttpdTestEnv'):
         super().__init__(env=env)
         self.add_source_dir(os.path.dirname(inspect.getfile(TlsTestSetup)))
         self.add_modules(["http2", "cgid", "watchdog", "proxy_http2", "ssl"])
+        self.add_local_module("tls", "src/.libs/mod_tls.so")
 
-    def make(self):
-        super().make()
-        self._add_mod_tls()
-
-    def _add_mod_tls(self):
-        modules_conf = os.path.join(self.env.server_dir, 'conf/modules.conf')
-        with open(modules_conf, 'a') as fd:
-            # load our test module which is not installed
-            fd.write(f"LoadModule tls_module   \"{self.env.src_dir}/.libs/mod_tls.so\"\n")
 
 class TlsCipher: