Abstract TLS API support (OpenSSL and MbedTLS backends)

2026-02-02 09:22:23 +00:00 · 2026-01-21 22:27:52 -05:00
parent ad5839f0d1
commit 02f7fb5f1f
10 changed files with 5095 additions and 1378 deletions
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -75,21 +75,32 @@ jobs:
      (github.event_name == 'pull_request'  &&
       github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) ||
      (github.event_name == 'workflow_dispatch' && github.event.inputs.test_linux == 'true')
+    strategy:
+      matrix:
+        tls_backend: [openssl, mbedtls]
+    name: ubuntu (${{ matrix.tls_backend }})
    steps:
      - name: checkout
        uses: actions/checkout@v4
-      - name: install libraries
+      - name: install common libraries
        run: |
-          sudo dpkg --add-architecture i386
          sudo apt-get update
-          sudo apt-get install -y libc6-dev${{ matrix.config.arch_suffix }} libstdc++-13-dev${{ matrix.config.arch_suffix }} \
-            libssl-dev${{ matrix.config.arch_suffix }} libcurl4-openssl-dev${{ matrix.config.arch_suffix }} \
-            zlib1g-dev${{ matrix.config.arch_suffix }} libbrotli-dev${{ matrix.config.arch_suffix }} \
-            libzstd-dev${{ matrix.config.arch_suffix }}
-      - name: build and run tests
-        run: cd test && make EXTRA_CXXFLAGS="${{ matrix.config.arch_flags }}"
+          sudo apt-get install -y libcurl4-openssl-dev zlib1g-dev libbrotli-dev libzstd-dev
+      - name: install OpenSSL
+        if: matrix.tls_backend == 'openssl'
+        run: sudo apt-get install -y libssl-dev
+      - name: install Mbed TLS
+        if: matrix.tls_backend == 'mbedtls'
+        run: sudo apt-get install -y libmbedtls-dev
+      - name: build and run tests (OpenSSL)
+        if: matrix.tls_backend == 'openssl'
+        run: cd test && make
+      - name: build and run tests (Mbed TLS)
+        if: matrix.tls_backend == 'mbedtls'
+        run: cd test && make test_split_mbedtls && make test_mbedtls && ./test_mbedtls
      - name: run fuzz test target
-        run: cd test && make EXTRA_CXXFLAGS="${{ matrix.config.arch_flags }}" fuzz_test
+        if: matrix.tls_backend == 'openssl'
+        run: cd test && make fuzz_test

  macos:
    runs-on: macos-latest
@@ -98,12 +109,24 @@ jobs:
      (github.event_name == 'pull_request'  &&
       github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) ||
      (github.event_name == 'workflow_dispatch' && github.event.inputs.test_macos == 'true')
+    strategy:
+      matrix:
+        tls_backend: [openssl, mbedtls]
+    name: macos (${{ matrix.tls_backend }})
    steps:
      - name: checkout
        uses: actions/checkout@v4
-      - name: build and run tests
+      - name: install Mbed TLS
+        if: matrix.tls_backend == 'mbedtls'
+        run: brew install mbedtls@3
+      - name: build and run tests (OpenSSL)
+        if: matrix.tls_backend == 'openssl'
        run: cd test && make
+      - name: build and run tests (Mbed TLS)
+        if: matrix.tls_backend == 'mbedtls'
+        run: cd test && make test_split_mbedtls && make test_mbedtls && ./test_mbedtls
      - name: run fuzz test target
+        if: matrix.tls_backend == 'openssl'
        run: cd test && make fuzz_test

  windows:
--- a/.github/workflows/test_proxy.yaml
+++ b/.github/workflows/test_proxy.yaml
@@ -6,15 +6,28 @@ jobs:
  test-proxy:
    runs-on: ubuntu-latest
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-    
+    strategy:
+      matrix:
+        tls_backend: [openssl, mbedtls]
+    name: proxy (${{ matrix.tls_backend }})
+
    steps:
-    - uses: actions/checkout@v3
-    
-    - name: Install dependencies
+    - uses: actions/checkout@v4
+
+    - name: Install common dependencies
      run: |
        sudo apt-get update
-        sudo apt-get install -y build-essential libssl-dev zlib1g-dev libcurl4-openssl-dev libbrotli-dev libzstd-dev netcat-openbsd
-        
-    - name: Run proxy tests
-      run: |
-        cd test && make proxy
+        sudo apt-get install -y build-essential zlib1g-dev libcurl4-openssl-dev libbrotli-dev libzstd-dev netcat-openbsd
+    - name: Install OpenSSL
+      if: matrix.tls_backend == 'openssl'
+      run: sudo apt-get install -y libssl-dev
+    - name: Install Mbed TLS
+      if: matrix.tls_backend == 'mbedtls'
+      run: sudo apt-get install -y libmbedtls-dev
+
+    - name: Run proxy tests (OpenSSL)
+      if: matrix.tls_backend == 'openssl'
+      run: cd test && make proxy
+    - name: Run proxy tests (Mbed TLS)
+      if: matrix.tls_backend == 'mbedtls'
+      run: cd test && make proxy_mbedtls