diff --git a/Makefile b/Makefile
index 0ab3696e0e641426b0c274393c37e63303ebef62..941827bf9c5ebf9d91dce48a02330e29e8ecdde7 100644
--- a/Makefile
+++ b/Makefile
@@ -275,6 +275,12 @@ endif
CXX11_CHECK_CMD = $(CXX) -std=c++11 -o $(TMPOUT) -c test/build/c++11.cc
HAS_CXX11 = $(shell $(CXX11_CHECK_CMD) 2> /dev/null && echo true || echo false)
+CHECK_SHADOW_WORKS_CMD = $(CC) -std=c99 -Werror -Wshadow -o $(TMPOUT) -c test/build/shadow.c
+HAS_WORKING_SHADOW = $(shell $(CHECK_SHADOW_WORKS_CMD) 2> /dev/null && echo true || echo false)
+ifeq ($(HAS_WORKING_SHADOW),true)
+W_SHADOW=-Wshadow
+endif
+
CHECK_NO_SHIFT_NEGATIVE_VALUE_CMD = $(CC) -std=c99 -Werror -Wno-shift-negative-value -o $(TMPOUT) -c test/build/empty.c
HAS_NO_SHIFT_NEGATIVE_VALUE = $(shell $(CHECK_NO_SHIFT_NEGATIVE_VALUE_CMD) 2> /dev/null && echo true || echo false)
ifeq ($(HAS_NO_SHIFT_NEGATIVE_VALUE),true)
@@ -295,7 +301,7 @@ ifdef EXTRA_DEFINES
DEFINES += $(EXTRA_DEFINES)
endif
-CFLAGS += -std=c99 -Wsign-conversion -Wconversion -Wshadow
+CFLAGS += -std=c99 -Wsign-conversion -Wconversion $(W_SHADOW)
ifeq ($(HAS_CXX11),true)
CXXFLAGS += -std=c++11
else
@@ -426,6 +432,7 @@ endif
OPENSSL_ALPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
OPENSSL_NPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
+BORINGSSL_COMPILE_CHECK_CMD = $(CC) $(CPPFLAGS) -Ithird_party/boringssl/include -fvisibility=hidden -DOPENSSL_NO_ASM -D_GNU_SOURCE -DWIN32_LEAN_AND_MEAN -D_HAS_EXCEPTIONS=0 -DNOMINMAX $(CFLAGS) -Wno-sign-conversion -Wno-conversion -Wno-unused-value -Wno-unknown-pragmas -Wno-implicit-function-declaration -Wno-unused-variable -Wno-sign-compare -o $(TMPOUT) test/build/boringssl.c $(LDFLAGS)
ZLIB_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS)
PROTOBUF_CHECK_CMD = $(CXX) $(CPPFLAGS) $(CXXFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS)
@@ -510,10 +517,13 @@ HAS_ZOOKEEPER = $(shell $(ZOOKEEPER_CHECK_CMD) 2> /dev/null && echo true || echo
# Note that for testing purposes, one can do:
# make HAS_EMBEDDED_OPENSSL_ALPN=false
# to emulate the fact we do not have OpenSSL in the third_party folder.
-ifeq ($(wildcard third_party/boringssl/include/openssl/ssl.h),)
+ifneq ($(wildcard third_party/openssl-1.0.2f/libssl.a),)
+HAS_EMBEDDED_OPENSSL_ALPN = third_party/openssl-1.0.2f
+else ifeq ($(wildcard third_party/boringssl/include/openssl/ssl.h),)
HAS_EMBEDDED_OPENSSL_ALPN = false
else
-HAS_EMBEDDED_OPENSSL_ALPN = true
+CAN_COMPILE_EMBEDDED_OPENSSL ?= $(shell $(BORINGSSL_COMPILE_CHECK_CMD) 2> /dev/null && echo true || echo false)
+HAS_EMBEDDED_OPENSSL_ALPN = $(CAN_COMPILE_EMBEDDED_OPENSSL)
endif
ifeq ($(wildcard third_party/zlib/zlib.h),)
@@ -572,8 +582,8 @@ ifeq ($(HAS_SYSTEM_OPENSSL_ALPN),true)
EMBED_OPENSSL ?= false
NO_SECURE ?= false
else # HAS_SYSTEM_OPENSSL_ALPN=false
-ifeq ($(HAS_EMBEDDED_OPENSSL_ALPN),true)
-EMBED_OPENSSL ?= true
+ifneq ($(HAS_EMBEDDED_OPENSSL_ALPN),false)
+EMBED_OPENSSL ?= $(HAS_EMBEDDED_OPENSSL_ALPN)
NO_SECURE ?= false
else # HAS_EMBEDDED_OPENSSL_ALPN=false
ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
@@ -594,6 +604,12 @@ OPENSSL_MERGE_LIBS += $(LIBDIR)/$(CONFIG)/libboringssl.a
OPENSSL_MERGE_OBJS += $(LIBBORINGSSL_OBJS)
# need to prefix these to ensure overriding system libraries
CPPFLAGS := -Ithird_party/boringssl/include $(CPPFLAGS)
+else ifneq ($(EMBED_OPENSSL),false)
+OPENSSL_DEP += $(EMBED_OPENSSL)/libssl.a $(EMBED_OPENSSL)/libcrypto.a
+OPENSSL_MERGE_LIBS += $(EMBED_OPENSSL)/libssl.a $(EMBED_OPENSSL)/libcrypto.a
+OPENSSL_MERGE_OBJS += $(wildcard $(EMBED_OPENSSL)/grpc_obj/*.o)
+# need to prefix these to ensure overriding system libraries
+CPPFLAGS := -I$(EMBED_OPENSSL)/include $(CPPFLAGS)
else # EMBED_OPENSSL=false
ifeq ($(HAS_PKG_CONFIG),true)
OPENSSL_PKG_CONFIG = true
@@ -768,8 +784,9 @@ openssl_dep_message:
@echo
@echo "DEPENDENCY ERROR"
@echo
- @echo "The target you are trying to run requires OpenSSL."
- @echo "Your system doesn't have it, and neither does the third_party directory."
+ @echo "The target you are trying to run requires an OpenSSL implementation."
+ @echo "Your system doesn't have one, and either the third_party directory"
+ @echo "doesn't have it, or your compiler can't build BoringSSL."
@echo
@echo "Please consult INSTALL to get more information."
@echo
@@ -13097,3 +13114,7 @@ test/cpp/util/test_credentials_provider.cc: $(OPENSSL_DEP)
endif
.PHONY: all strip tools dep_error openssl_dep_error openssl_dep_message git_update stop buildtests buildtests_c buildtests_cxx test test_c test_cxx install install_c install_cxx install-headers install-headers_c install-headers_cxx install-shared install-shared_c install-shared_cxx install-static install-static_c install-static_cxx strip strip-shared strip-static strip_c strip-shared_c strip-static_c strip_cxx strip-shared_cxx strip-static_cxx dep_c dep_cxx bins_dep_c bins_dep_cxx clean
+
+.PHONY: printvars
+printvars:
+ @$(foreach V,$(sort $(.VARIABLES)), $(if $(filter-out environment% default automatic, $(origin $V)),$(warning $V=$($V) ($(value $V)))))
diff --git a/build.yaml b/build.yaml
index bfa2efd94e625c2267e643d9a1ae142d14032b9e..8fcd31ef75282d629bdf865ec002a92bfcb1c7bc 100644
--- a/build.yaml
+++ b/build.yaml
@@ -2816,6 +2816,10 @@ node_modules:
- src/node/ext/server.cc
- src/node/ext/server_credentials.cc
- src/node/ext/timeval.cc
+openssl_fallback:
+ base_uri: http://openssl.org/source/
+ extraction_dir: openssl-1.0.2f
+ tarball: openssl-1.0.2f.tar.gz
php_config_m4:
deps:
- grpc
diff --git a/src/core/support/env_linux.c b/src/core/support/env_linux.c
index 1ca6fa1affe29a9d630afff58a262ff94504e9ee..5863ad5682f484dbbc6e3b3945afac5a90c1e148 100644
--- a/src/core/support/env_linux.c
+++ b/src/core/support/env_linux.c
@@ -43,7 +43,9 @@
#include "src/core/support/env.h"
#include <dlfcn.h>
+#include <features.h>
#include <stdlib.h>
+#include <string.h>
#include <grpc/support/log.h>
#include <grpc/support/string_util.h>
@@ -60,12 +62,19 @@ char *gpr_getenv(const char *name) {
const char *names[] = {"secure_getenv", "__secure_getenv", "getenv"};
for (size_t i = 0; getenv_func == NULL && i < GPR_ARRAY_SIZE(names); i++) {
getenv_func = (getenv_type)dlsym(RTLD_DEFAULT, names[i]);
+ if (getenv_func != NULL && strstr(names[i], "secure") == NULL) {
+ gpr_log(GPR_DEBUG, "Warning: insecure environment read function '%s' used", names[i]);
+ }
}
char *result = getenv_func(name);
return result == NULL ? result : gpr_strdup(result);
-#else
+#elif __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 17)
char *result = secure_getenv(name);
return result == NULL ? result : gpr_strdup(result);
+#else
+ gpr_log(GPR_DEBUG, "Warning: insecure environment read function '%s' used", "getenv");
+ char *result = getenv(name);
+ return result == NULL ? result : gpr_strdup(result);
#endif
}
diff --git a/templates/Makefile.template b/templates/Makefile.template
index 7aa6ad71e26a2e1a18c950f350ddcc20e75d7a65..c54c146620fb4e2d90fc8bd0f0f68f18cb08b51f 100644
--- a/templates/Makefile.template
+++ b/templates/Makefile.template
@@ -187,6 +187,12 @@
CXX11_CHECK_CMD = $(CXX) -std=c++11 -o $(TMPOUT) -c test/build/c++11.cc
HAS_CXX11 = $(shell $(CXX11_CHECK_CMD) 2> /dev/null && echo true || echo false)
+ CHECK_SHADOW_WORKS_CMD = $(CC) -std=c99 -Werror -Wshadow -o $(TMPOUT) -c test/build/shadow.c
+ HAS_WORKING_SHADOW = $(shell $(CHECK_SHADOW_WORKS_CMD) 2> /dev/null && echo true || echo false)
+ ifeq ($(HAS_WORKING_SHADOW),true)
+ W_SHADOW=-Wshadow
+ endif
+
CHECK_NO_SHIFT_NEGATIVE_VALUE_CMD = $(CC) -std=c99 -Werror -Wno-shift-negative-value -o $(TMPOUT) -c test/build/empty.c
HAS_NO_SHIFT_NEGATIVE_VALUE = $(shell $(CHECK_NO_SHIFT_NEGATIVE_VALUE_CMD) 2> /dev/null && echo true || echo false)
ifeq ($(HAS_NO_SHIFT_NEGATIVE_VALUE),true)
@@ -207,7 +213,7 @@
DEFINES += $(EXTRA_DEFINES)
endif
- CFLAGS += -std=c99 -Wsign-conversion -Wconversion -Wshadow
+ CFLAGS += -std=c99 -Wsign-conversion -Wconversion $(W_SHADOW)
ifeq ($(HAS_CXX11),true)
CXXFLAGS += -std=c++11
else
@@ -352,6 +358,7 @@
OPENSSL_ALPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-alpn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
OPENSSL_NPN_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/openssl-npn.c $(addprefix -l, $(OPENSSL_LIBS)) $(LDFLAGS)
+ BORINGSSL_COMPILE_CHECK_CMD = $(CC) $(CPPFLAGS) ${defaults.boringssl.CPPFLAGS} $(CFLAGS) ${defaults.boringssl.CFLAGS} -o $(TMPOUT) test/build/boringssl.c $(LDFLAGS)
ZLIB_CHECK_CMD = $(CC) $(CPPFLAGS) $(CFLAGS) -o $(TMPOUT) test/build/zlib.c -lz $(LDFLAGS)
PROTOBUF_CHECK_CMD = $(CXX) $(CPPFLAGS) $(CXXFLAGS) -o $(TMPOUT) test/build/protobuf.cc -lprotobuf $(LDFLAGS)
@@ -436,10 +443,13 @@
# Note that for testing purposes, one can do:
# make HAS_EMBEDDED_OPENSSL_ALPN=false
# to emulate the fact we do not have OpenSSL in the third_party folder.
- ifeq ($(wildcard third_party/boringssl/include/openssl/ssl.h),)
+ ifneq ($(wildcard third_party/${openssl_fallback.extraction_dir}/libssl.a),)
+ HAS_EMBEDDED_OPENSSL_ALPN = third_party/${openssl_fallback.extraction_dir}
+ else ifeq ($(wildcard third_party/boringssl/include/openssl/ssl.h),)
HAS_EMBEDDED_OPENSSL_ALPN = false
else
- HAS_EMBEDDED_OPENSSL_ALPN = true
+ CAN_COMPILE_EMBEDDED_OPENSSL ?= $(shell $(BORINGSSL_COMPILE_CHECK_CMD) 2> /dev/null && echo true || echo false)
+ HAS_EMBEDDED_OPENSSL_ALPN = $(CAN_COMPILE_EMBEDDED_OPENSSL)
endif
ifeq ($(wildcard third_party/zlib/zlib.h),)
@@ -498,8 +508,8 @@
EMBED_OPENSSL ?= false
NO_SECURE ?= false
else # HAS_SYSTEM_OPENSSL_ALPN=false
- ifeq ($(HAS_EMBEDDED_OPENSSL_ALPN),true)
- EMBED_OPENSSL ?= true
+ ifneq ($(HAS_EMBEDDED_OPENSSL_ALPN),false)
+ EMBED_OPENSSL ?= $(HAS_EMBEDDED_OPENSSL_ALPN)
NO_SECURE ?= false
else # HAS_EMBEDDED_OPENSSL_ALPN=false
ifeq ($(HAS_SYSTEM_OPENSSL_NPN),true)
@@ -520,6 +530,12 @@
OPENSSL_MERGE_OBJS += $(LIBBORINGSSL_OBJS)
# need to prefix these to ensure overriding system libraries
CPPFLAGS := -Ithird_party/boringssl/include $(CPPFLAGS)
+ else ifneq ($(EMBED_OPENSSL),false)
+ OPENSSL_DEP += $(EMBED_OPENSSL)/libssl.a $(EMBED_OPENSSL)/libcrypto.a
+ OPENSSL_MERGE_LIBS += $(EMBED_OPENSSL)/libssl.a $(EMBED_OPENSSL)/libcrypto.a
+ OPENSSL_MERGE_OBJS += $(wildcard $(EMBED_OPENSSL)/grpc_obj/*.o)
+ # need to prefix these to ensure overriding system libraries
+ CPPFLAGS := -I$(EMBED_OPENSSL)/include $(CPPFLAGS)
else # EMBED_OPENSSL=false
ifeq ($(HAS_PKG_CONFIG),true)
OPENSSL_PKG_CONFIG = true
@@ -706,8 +722,9 @@
@echo
@echo "DEPENDENCY ERROR"
@echo
- @echo "The target you are trying to run requires OpenSSL."
- @echo "Your system doesn't have it, and neither does the third_party directory."
+ @echo "The target you are trying to run requires an OpenSSL implementation."
+ @echo "Your system doesn't have one, and either the third_party directory"
+ @echo "doesn't have it, or your compiler can't build BoringSSL."
@echo
@echo "Please consult INSTALL to get more information."
@echo
@@ -1846,3 +1863,9 @@
strip_cxx strip-shared_cxx strip-static_cxx \
dep_c dep_cxx bins_dep_c bins_dep_cxx \
clean
+
+ .PHONY: printvars
+ printvars:
+ @$(foreach V,$(sort $(.VARIABLES)), \
+ $(if $(filter-out environment% default automatic, \
+ $(origin $V)),$(warning $V=$($V) ($(value $V)))))
diff --git a/templates/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile.template b/templates/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile.template
index 294ae00b4c7ad2eb33713fc73325d54a0e2d82a6..49371aaa3bbc6abbff53f510528304e81c2e22e2 100644
--- a/templates/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile.template
+++ b/templates/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile.template
@@ -1,6 +1,6 @@
%YAML 1.2
--- |
- # Copyright 2015-2016, Google Inc.
+ # Copyright 2016, Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -28,18 +28,21 @@
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
+
FROM debian:squeeze
-
+
<%include file="../../apt_get_basic.include" args="skip_golang=True"/>
-
+
# libgflags-dev is not available on squeezy
RUN apt-get update && apt-get -y install libgtest-dev libc++-dev clang && apt-get clean
-
+
RUN apt-get update && apt-get -y install python-pip && apt-get clean
RUN pip install argparse
-
+
+ RUN wget ${openssl_fallback.base_uri + openssl_fallback.tarball}
+
+ ENV POST_GIT_STEP tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh
+
<%include file="../../run_tests_addons.include" args="skip_zookeeper=True"/>
# Define the default command.
CMD ["bash"]
-
\ No newline at end of file
diff --git a/templates/tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh.template b/templates/tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh.template
new file mode 100644
index 0000000000000000000000000000000000000000..b885101748410804cef50dfc6aa7a7d2e5bfff64
--- /dev/null
+++ b/templates/tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh.template
@@ -0,0 +1,37 @@
+%YAML 1.2
+--- |
+ #!/bin/bash
+ # Copyright 2016, Google Inc.
+ # All rights reserved.
+ #
+ # Redistribution and use in source and binary forms, with or without
+ # modification, are permitted provided that the following conditions are
+ # met:
+ #
+ # * Redistributions of source code must retain the above copyright
+ # notice, this list of conditions and the following disclaimer.
+ # * Redistributions in binary form must reproduce the above
+ # copyright notice, this list of conditions and the following disclaimer
+ # in the documentation and/or other materials provided with the
+ # distribution.
+ # * Neither the name of Google Inc. nor the names of its
+ # contributors may be used to endorse or promote products derived from
+ # this software without specific prior written permission.
+ #
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ set -ex
+
+ cd /var/local/git/grpc
+ cp /${openssl_fallback.tarball} third_party
+ ./tools/openssl/use_openssl.sh
diff --git a/templates/tools/openssl/use_openssl.sh.template b/templates/tools/openssl/use_openssl.sh.template
new file mode 100644
index 0000000000000000000000000000000000000000..5fb377154a1b18fbd14a9090f74e34cb9574dd1c
--- /dev/null
+++ b/templates/tools/openssl/use_openssl.sh.template
@@ -0,0 +1,63 @@
+%YAML 1.2
+--- |
+ #!/bin/bash
+
+ # Copyright 2015-2016, Google Inc.
+ # All rights reserved.
+ #
+ # Redistribution and use in source and binary forms, with or without
+ # modification, are permitted provided that the following conditions are
+ # met:
+ #
+ # * Redistributions of source code must retain the above copyright
+ # notice, this list of conditions and the following disclaimer.
+ # * Redistributions in binary form must reproduce the above
+ # copyright notice, this list of conditions and the following disclaimer
+ # in the documentation and/or other materials provided with the
+ # distribution.
+ # * Neither the name of Google Inc. nor the names of its
+ # contributors may be used to endorse or promote products derived from
+ # this software without specific prior written permission.
+ #
+ # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ set -ex
+
+ cd $(dirname $0)/../..
+ set root=`pwd`
+ CC=${"${CC:-cc}"}
+
+ # allow openssl to be pre-downloaded
+ if [ ! -e third_party/${openssl_fallback.tarball} ]
+ then
+ echo "Downloading ${openssl_fallback.base_uri + openssl_fallback.tarball} to third_party/${openssl_fallback.tarball}"
+ wget ${openssl_fallback.base_uri + openssl_fallback.tarball} -O third_party/${openssl_fallback.tarball}
+ fi
+
+ # clean openssl directory
+ rm -rf third_party/${openssl_fallback.extraction_dir}
+
+ # extract archive
+ cd third_party
+ tar xfz ${openssl_fallback.tarball}
+
+ # build openssl
+ cd ${openssl_fallback.extraction_dir}
+ CC="$CC -fPIC -fvisibility=hidden" ./config no-asm
+ make
+
+ # generate the 'grpc_obj' directory needed by the makefile
+ mkdir grpc_obj
+ cd grpc_obj
+ ar x ../libcrypto.a
+ ar x ../libssl.a
diff --git a/test/build/boringssl.c b/test/build/boringssl.c
new file mode 100644
index 0000000000000000000000000000000000000000..a31d4bf3964df7d86cb73409aa543777712663c6
--- /dev/null
+++ b/test/build/boringssl.c
@@ -0,0 +1,51 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+// Check that boringssl is going to compile
+
+#include <stdio.h>
+#include <unistd.h>
+
+// boringssl uses anonymous unions
+struct foo {
+ union {
+ int a;
+ int b;
+ };
+};
+
+int main(void) {
+ const char *close = "this should not shadow";
+ printf("%s\n", close);
+ return 0;
+}
diff --git a/test/build/shadow.c b/test/build/shadow.c
new file mode 100644
index 0000000000000000000000000000000000000000..51d4f9e3852bd0ca9ecf72f5d66d2d99c5f51b37
--- /dev/null
+++ b/test/build/shadow.c
@@ -0,0 +1,43 @@
+/*
+ *
+ * Copyright 2016, Google Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google Inc. nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+// Check that boringssl is going to compile
+
+#include <stdio.h>
+#include <unistd.h>
+
+int main(void) {
+ const char *close = "this should not shadow";
+ printf("%s\n", close);
+ return 0;
+}
diff --git a/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile b/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile
index 08488874347797e4c666cfb4fa70e9509ca3ff73..b7f95aaa8d98a6a3f6f6bc18238fd72c01b2be8c 100644
--- a/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile
+++ b/tools/dockerfile/test/cxx_squeeze_x64/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2015-2016, Google Inc.
+# Copyright 2016, Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -69,6 +69,10 @@ RUN apt-get update && apt-get -y install libgtest-dev libc++-dev clang && apt-ge
RUN apt-get update && apt-get -y install python-pip && apt-get clean
RUN pip install argparse
+RUN wget http://openssl.org/source/openssl-1.0.2f.tar.gz
+
+ENV POST_GIT_STEP tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh
+
# Prepare ccache
RUN ln -s /usr/bin/ccache /usr/local/bin/gcc
RUN ln -s /usr/bin/ccache /usr/local/bin/g++
diff --git a/tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh b/tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh
new file mode 100755
index 0000000000000000000000000000000000000000..dfde93b1bd253a619696551bb1f2d289733427e6
--- /dev/null
+++ b/tools/dockerfile/test/cxx_squeeze_x64/post-git-setup.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Copyright 2016, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+set -ex
+
+cd /var/local/git/grpc
+cp /openssl-1.0.2f.tar.gz third_party
+./tools/openssl/use_openssl.sh
diff --git a/tools/jenkins/docker_run.sh b/tools/jenkins/docker_run.sh
index df7b6571d7a455a0a2f02498d300371a17579d0d..f04b1cfb55be69e017ec4b200fa9d6daf9b03207 100755
--- a/tools/jenkins/docker_run.sh
+++ b/tools/jenkins/docker_run.sh
@@ -42,6 +42,8 @@ else
cp -r "$EXTERNAL_GIT_ROOT/$RELATIVE_COPY_PATH"/* "/var/local/git/grpc/$RELATIVE_COPY_PATH"
fi
+$POST_GIT_STEP
+
if [ -x "$(command -v rvm)" ]
then
rvm use ruby-2.1
diff --git a/tools/jenkins/docker_run_tests.sh b/tools/jenkins/docker_run_tests.sh
index 3e4689265d9b22e657af53cb4d070b81f5f0ef8c..8d6c42cd9bf4710524eb025456b455a8892c2c67 100755
--- a/tools/jenkins/docker_run_tests.sh
+++ b/tools/jenkins/docker_run_tests.sh
@@ -45,6 +45,8 @@ git clone --recursive /var/local/jenkins/grpc /var/local/git/grpc
mkdir -p reports
+$POST_GIT_STEP
+
exit_code=0
$RUN_TESTS_COMMAND || exit_code=$?
diff --git a/tools/openssl/use_openssl.sh b/tools/openssl/use_openssl.sh
new file mode 100755
index 0000000000000000000000000000000000000000..3098217ec1b54a4cf2f677994fedcf03730b052d
--- /dev/null
+++ b/tools/openssl/use_openssl.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Copyright 2015-2016, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+set -ex
+
+cd $(dirname $0)/../..
+set root=`pwd`
+CC=${CC:-cc}
+
+# allow openssl to be pre-downloaded
+if [ ! -e third_party/openssl-1.0.2f.tar.gz ]
+then
+ echo "Downloading http://openssl.org/source/openssl-1.0.2f.tar.gz to third_party/openssl-1.0.2f.tar.gz"
+ wget http://openssl.org/source/openssl-1.0.2f.tar.gz -O third_party/openssl-1.0.2f.tar.gz
+fi
+
+# clean openssl directory
+rm -rf third_party/openssl-1.0.2f
+
+# extract archive
+cd third_party
+tar xfz openssl-1.0.2f.tar.gz
+
+# build openssl
+cd openssl-1.0.2f
+CC="$CC -fPIC -fvisibility=hidden" ./config no-asm
+make
+
+# generate the 'grpc_obj' directory needed by the makefile
+mkdir grpc_obj
+cd grpc_obj
+ar x ../libcrypto.a
+ar x ../libssl.a