[openssl 3.x.x] fix "official" OpenSSL vars for CMakeDeps gen

[jngrb]

this extends the improvements of PR #12838 done for the 1.x.x recipe to the 3.x.x one; also there is a new 3.x.x test_package using the CMakeDeps generator

---

Reason: without this change, it is currently not possible to override the OpenSSL version to 3.0.x in Poco (see comment below)

---

• I've read the contributing guidelines.
• I've followed the PEP8 style guides for Python code in the recipes.
• I've used the latest Conan client version.
• I've tried at least one configuration locally with the conan-center hook activated.

[ghost]

I detected other pull requests that are modifying openssl/3.x.x recipe:

• OpenSSL 3.x: fixes to support Conan 2.0 #16658
• Openssl 3.x.x conan v2 #16563

This message is automatically generated by https://github.com/ericLemanissier/conan-center-conflicting-prs so don't hesitate to report issues/improvements there.

[uilianries]

You can't skip a test. If something does not work, please, raise a ConanInvalidConfiguration in validate() method in the recipe

[jngrb]

I just copied & pasted this part from the "v2 test package" for 1.x.x: https://github.com/conan-io/conan-center-index/blame/master/recipes/openssl/1.x.x/test_package/conanfile.py#L16

I originates here: #9208 (comment)

As this test skipping was not part of the "v1 test package" for 3.x.x, I will give it a try not to have this in the "v2 test package" for 3.x.x

[jngrb]

Giving some background for this change: I would like to be able to override openssl to version 3.0.7 in Poco. As of now, since Poco was changed to CMakeDeps in #12868 , this no longer works:

conan create -o poco:enable_data=False -o poco:enable_data_mysql=False -o poco:enable_data_postgresql=False -o poco:enable_data_sqlite=False -o poco:enable_activerecord=False -o poco:enable_redis=False -o poco:enable_mongodb=False recipes/poco/all poco/1.12.4@

=> works

conan create -o poco:enable_data=False -o poco:enable_data_mysql=False -o poco:enable_data_postgresql=False -o poco:enable_data_sqlite=False -o poco:enable_activerecord=False -o poco:enable_redis=False -o poco:enable_mongodb=False --require-override=openssl/3.0.7@ recipes/poco/all poco/1.12.4@

(I added a --require-override=openssl/3.0.7@ here.)

=> fails as of now, because Poco's CMakeLists.txt does not see a positive OPENSSL_FOUND and thus I run into #13577 (so far only fixed for OpenSSL 1.x.x)
=> will be fixed once this PR was accepted

(Note: I only disabled any irrelevant Poco component just to have it compile faster so that I get results more quickly.)

[jngrb]

Based on my tests with the last commits, I see that the MacOS failures are not introduced with this PR. It seems that the legacy provider from the shared object ossl-modules/legacy.so does not work on MacOS even before this PR. I cannot find a solution because I don't have an Apple device to build on.

A workaround is to either use openssl:no_legacy = True so that there are no legacy algorithms at all. Or to use openssl:no_module = True to compile the legacy providers directly into the main library.

As I cannot change the default value for these options without introducing breaking changes for the consumer, I can only raise a ConanInvalidConfiguration exception (in line with the comment above) for os = MacOS and openssl:no_legacy = False && openssl:no_module = False until this is fixed.

[Croydon]

Why did you delete this?

[jngrb]

because these files are no lot generated for the CMakeDeps generator.

I would need the cmake, cmake_find_package, and pkg_config generators as for the test_v1_package test package (where this check is included).

Also compare that the *.pc files are also only checked for the 1.x.x test_v1_package, not for the 1.x.x test_package.

[github-actions]

Hooks produced the following warnings for commit e1eb0c0

openssl/3.0.7

post_package(): WARN: [APPLE RELOCATABLE SHARED LIBS (KB-H077)] install_name dir of these shared libs is not @rpath: libssl.dylib, libssl.3.dylib, libcrypto.3.dylib, libcrypto.dylib

openssl/3.0.5

post_package(): WARN: [APPLE RELOCATABLE SHARED LIBS (KB-H077)] install_name dir of these shared libs is not @rpath: libssl.dylib, libssl.3.dylib, libcrypto.3.dylib, libcrypto.dylib

[Croydon]

LGTM

[jngrb]

Attempted the conan v2 port for OpenSSL 3.x.x in PR #16563

[roalter]

Is there a reason why this is still in the queue?
@prince-chrismc @jcar87 : Maybe some of you could give it a try to review & integrate? There are still getting CVEs on OpenSSL; picking newer OpenSSL versions a little bit faster would be a great opportunity.

[jcar87]

Is there a reason why this is still in the queue? @prince-chrismc @jcar87 : Maybe some of you could give it a try to review & integrate? There are still getting CVEs on OpenSSL; picking newer OpenSSL versions a little bit faster would be a great opportunity.

Hi @roalter - this is on my stack today, including for support for Conan 2.0 for this recipe. The issues that @jngrb mentions in #14426 (comment) were addressed not long ago.
On the other hand, if I'm not mistaken the issue addressed in this PR is not a blocker for adding new versions.

I will make sure to include version 3.1.0 as well, thanks for the heads up!

[conan-center-bot]

Conan v1 pipeline ✔️

All green in build 16 (4d4c5331e31adaeac2d3945be88a4942fe3cafff):

• openssl/3.0.7@:
  All packages built successfully! (All logs)

• openssl/3.0.8@:
  All packages built successfully! (All logs)

• openssl/3.0.5@:
  All packages built successfully! (All logs)

---

Conan v2 pipeline (informative, not required for merge) ❌

Note: Conan v2 builds are informative and they are not required for the PR to be merged.

The v2 pipeline failed. Please, review the errors and note this will be required for pull requests to be merged in the near future.

See details:

Failure in build 17 (4d4c5331e31adaeac2d3945be88a4942fe3cafff):

• openssl/3.0.8@:
  Error running command conan export --name openssl --version 3.0.8 recipes/openssl/3.x.x/conanfile.py:

  ======== Exporting recipe to the cache ========
  ERROR: Error loading conanfile at '/home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py': Unable to load conanfile in /home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py
    File "<frozen importlib._bootstrap_external>", line 728, in exec_module
    File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
    File "/home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py", line 6, in <module>
      from conans import AutoToolsBuildEnvironment, tools
  ImportError: cannot import name 'AutoToolsBuildEnvironment' from 'conans' (/opt/pyenv/versions/3.7.13/lib/python3.7/site-packages/conans/__init__.py)
  

• openssl/3.0.5@:
  Error running command conan export --name openssl --version 3.0.5 recipes/openssl/3.x.x/conanfile.py:

  ======== Exporting recipe to the cache ========
  ERROR: Error loading conanfile at '/home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py': Unable to load conanfile in /home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py
    File "<frozen importlib._bootstrap_external>", line 728, in exec_module
    File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
    File "/home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py", line 6, in <module>
      from conans import AutoToolsBuildEnvironment, tools
  ImportError: cannot import name 'AutoToolsBuildEnvironment' from 'conans' (/opt/pyenv/versions/3.7.13/lib/python3.7/site-packages/conans/__init__.py)
  

• openssl/3.0.7@:
  Error running command conan export --name openssl --version 3.0.7 recipes/openssl/3.x.x/conanfile.py:

  ======== Exporting recipe to the cache ========
  ERROR: Error loading conanfile at '/home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py': Unable to load conanfile in /home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py
    File "<frozen importlib._bootstrap_external>", line 728, in exec_module
    File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
    File "/home/conan/w/prod-v2_cci_PR-14426/recipes/openssl/3.x.x/conanfile.py", line 6, in <module>
      from conans import AutoToolsBuildEnvironment, tools
  ImportError: cannot import name 'AutoToolsBuildEnvironment' from 'conans' (/opt/pyenv/versions/3.7.13/lib/python3.7/site-packages/conans/__init__.py)
  

---

^{Note: To save resources, CI tries to finish as soon as an error is found. For this reason you might find that not all the references have been launched or not all the configurations for a given reference. Also, take into account that we cannot guarantee the order of execution as it depends on CI workload and workers availability.}

[github-actions]

Hooks produced the following warnings for commit 4d4c533

openssl/3.0.7

post_package(): WARN: [APPLE RELOCATABLE SHARED LIBS (KB-H077)] install_name dir of these shared libs is not @rpath: libssl.dylib, libssl.3.dylib, libcrypto.3.dylib, libcrypto.dylib

openssl/3.0.8

post_package(): WARN: [APPLE RELOCATABLE SHARED LIBS (KB-H077)] install_name dir of these shared libs is not @rpath: libssl.dylib, libssl.3.dylib, libcrypto.3.dylib, libcrypto.dylib

openssl/3.0.5

post_package(): WARN: [APPLE RELOCATABLE SHARED LIBS (KB-H077)] install_name dir of these shared libs is not @rpath: libssl.dylib, libssl.3.dylib, libcrypto.3.dylib, libcrypto.dylib

[jcar87]

Hi @jngrb - I've partially added the changes from this PR into this one, preserving your authorship:
#16658

Please let me know if this addresses the issues with poco that you have mentioned. If there are any other changes from this PR that you wish you bring forward, please let us know once the PR branch has been sync'ed up with the head of master, and we'll happily review this. If the recipe is already satisfactory, please close this PR :)

Thanks for your contribution!

[jngrb]

Hi @jngrb - I've partially added the changes from this PR into this one, preserving your authorship: #16658

Please let me know if this addresses the issues with poco that you have mentioned. If there are any other changes from this PR that you wish you bring forward, please let us know once the PR branch has been sync'ed up with the head of master, and we'll happily review this. If the recipe is already satisfactory, please close this PR :)

Thank you. All my requirements are now met. I close this PR.