diff --git a/.github/actions/install-openssl/action.yml b/.github/actions/install-openssl/action.yml index 18deda21..208f9aa2 100644 --- a/.github/actions/install-openssl/action.yml +++ b/.github/actions/install-openssl/action.yml @@ -29,16 +29,12 @@ runs: ./Configure --prefix=$HOME/openssl --libdir=lib linux-x86_64 make depend && make -j4 && make install_sw ;; - 3.*) + 3.* | 4.*) OPENSSL_COMMIT=openssl- OPENSSL_COMMIT+=$(echo ${{ inputs.version }}) git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git . echo "Git commit: $(git rev-parse HEAD)" - if [[ ${{ inputs.version }} == 3.5* ]]; then - ./Configure --prefix=$HOME/openssl --libdir=lib enable-fips no-tests no-legacy - else - ./Configure --prefix=$HOME/openssl --libdir=lib enable-fips no-tests - fi + ./Configure --prefix=$HOME/openssl --libdir=lib enable-fips no-tests make -j4 && make install_sw && make install_fips ;; *) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3a9a2b0a..bba41c0e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,6 +27,7 @@ jobs: - '3.2' - '3.1' openssl: + - '4.0.0' - '3.6.0' - '3.5.4' - '3.4.3' @@ -35,6 +36,15 @@ jobs: - '3.1.8' - '3.0.18' - '1.1.1w' + exclude: + # Ruby 3.1-3.3 bundle an `openssl` gem too old for OpenSSL 4.0. + # Re-enable once upstream ships patch releases that bump it. + - ruby: '3.3' + openssl: '4.0.0' + - ruby: '3.2' + openssl: '4.0.0' + - ruby: '3.1' + openssl: '4.0.0' include: - ruby: truffleruby - ruby: '3.0'