Assuming TLS 1.3 since 0.7.0 causes build failure in GH Actions Windows runners #155

Open
aantron opened this issue Sep 3, 2024 · 1 comment

aantron commented Sep 3, 2024

Trying to install package ssl 0.7.0 from opam in a GitHub Actions runner causes:

# ssl_stubs.c:311:32: error: 'SSL_OP_NO_TLSv1_3' undeclared here (not in a function); did you mean 'SSL_OP_NO_TLSv1_1'?
#   311 |                                SSL_OP_NO_TLSv1_3};
#       |                                ^~~~~~~~~~~~~~~~~
#       |                                SSL_OP_NO_TLSv1_1
# ssl_stubs.c: In function 'get_method':
# ssl_stubs.c:319:14: warning: implicit declaration of function 'TLS_client_method'; did you mean 'DTLS_client_method'? [-Wimplicit-function-declaration]
#   319 |     method = TLS_client_method();
#       |              ^~~~~~~~~~~~~~~~~
#       |              DTLS_client_method
# ssl_stubs.c:319:12: warning: assignment to 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
#   319 |     method = TLS_client_method();
#       |            ^
# ssl_stubs.c:323:14: warning: implicit declaration of function 'TLS_server_method'; did you mean 'DTLS_server_method'? [-Wimplicit-function-declaration]
#   323 |     method = TLS_server_method();
#       |              ^~~~~~~~~~~~~~~~~
#       |              DTLS_server_method
# ssl_stubs.c:323:12: warning: assignment to 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
#   323 |     method = TLS_server_method();
#       |            ^
# ssl_stubs.c:327:14: warning: implicit declaration of function 'TLS_method'; did you mean 'DTLS_method'? [-Wimplicit-function-declaration]
#   327 |     method = TLS_method();
#       |              ^~~~~~~~~~
#       |              DTLS_method
# ssl_stubs.c:327:12: warning: assignment to 'const SSL_METHOD *' {aka 'const struct ssl_method_st *'} from 'int' makes pointer from integer without a cast [-Wint-conversion]
#   327 |     method = TLS_method();
#       |            ^
# ssl_stubs.c: In function 'ocaml_ssl_version_of_tls_version':
# ssl_stubs.c:358:8: error: 'TLS1_3_VERSION' undeclared (first use in this function); did you mean 'TLS1_2_VERSION'?
#   358 |   case TLS1_3_VERSION:
#       |        ^~~~~~~~~~~~~~
#       |        TLS1_2_VERSION
# ssl_stubs.c:358:8: note: each undeclared identifier is reported only once for each function it appears in
# ssl_stubs.c: In function 'tls_version_of_ocaml_ssl_version':
# ssl_stubs.c:391:11: error: 'TLS1_3_VERSION' undeclared (first use in this function); did you mean 'TLS1_2_VERSION'?
#   391 |     ret = TLS1_3_VERSION;
#       |           ^~~~~~~~~~~~~~
#       |           TLS1_2_VERSION
# ssl_stubs.c: In function 'ocaml_ssl_ctx_set_min_proto_version':
# ssl_stubs.c:413:8: warning: implicit declaration of function 'SSL_CTX_set_min_proto_version'; did you mean 'ocaml_ssl_ctx_set_min_proto_version'? [-Wimplicit-function-declaration]
#   413 |   if (!SSL_CTX_set_min_proto_version(ssl_context, ssl_protocol)) {
#       |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#       |        ocaml_ssl_ctx_set_min_proto_version
# ssl_stubs.c: In function 'ocaml_ssl_ctx_get_min_proto_version':
# ssl_stubs.c:425:21: warning: implicit declaration of function 'SSL_CTX_get_min_proto_version'; did you mean 'ocaml_ssl_ctx_get_min_proto_version'? [-Wimplicit-function-declaration]
#   425 |   int tls_version = SSL_CTX_get_min_proto_version(ssl_context);
#       |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#       |                     ocaml_ssl_ctx_get_min_proto_version
# ssl_stubs.c: In function 'ocaml_ssl_ctx_set_max_proto_version':
# ssl_stubs.c:453:8: warning: implicit declaration of function 'SSL_CTX_set_max_proto_version'; did you mean 'ocaml_ssl_ctx_set_max_proto_version'? [-Wimplicit-function-declaration]
#   453 |   if (!SSL_CTX_set_max_proto_version(ssl_context, ssl_protocol)) {
#       |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#       |        ocaml_ssl_ctx_set_max_proto_version
# ssl_stubs.c: In function 'ocaml_ssl_ctx_get_max_proto_version':
# ssl_stubs.c:465:21: warning: implicit declaration of function 'SSL_CTX_get_max_proto_version'; did you mean 'ocaml_ssl_ctx_get_max_proto_version'? [-Wimplicit-function-declaration]
#   465 |   int tls_version = SSL_CTX_get_max_proto_version(ssl_context);
#       |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#       |                     ocaml_ssl_ctx_get_max_proto_version
# ssl_stubs.c: In function 'set_protocol':
# ssl_stubs.c:485:19: error: 'TLS1_3_VERSION' undeclared (first use in this function); did you mean 'TLS1_2_VERSION'?
#   485 |   int max_proto = TLS1_3_VERSION;
#       |                   ^~~~~~~~~~~~~~
#       |                   TLS1_2_VERSION

Which, as I understand it, is caused by #133 removing conditional compilation checks for TLS 1.3.

We spotted this during aantron/dream#337, which, as a PR, probably has other problems, such as trying to drop using the OCaml for Windows sunset repo, so we will probably go back to doing that. And there are other problems further down, which suggest we might have to either pin ocaml-ssl to before 0.5.11, or find a way to upgrade OpenSSL in the runner. Do you know anything about how to install ocaml-ssl properly in GHA?

@anmonteiro
Collaborator

I'd rather encourage you to upgrade libssl, since not having TLS 1.3 support at this point is rather suspicious.
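
A compile-time guard of the kind the report refers to, as an added example (not ocaml-ssl's code and not the checks removed in #133). It keys on whether the headers define `TLS1_3_VERSION` and refuses a TLS 1.3 request on an old libssl instead of silently downgrading it. The function names `have_tls13`, `max_proto_version` and `resolve_version` are hypothetical, and when no OpenSSL headers are installed the block defines only the TLS 1.2 version number so it still builds.

```c
/* Added example: not ocaml-ssl code. Function names are hypothetical. */
#include <stdio.h>

#if defined(__has_include)
#  if __has_include(<openssl/ssl.h>)
#    include <openssl/ssl.h>
#  endif
#endif

#ifndef TLS1_2_VERSION
/* No OpenSSL headers found: define only the TLS 1.2 wire version so the
   example still compiles and takes the "old libssl" path. */
#  define TLS1_2_VERSION 0x0303
#endif

/* 1 when the headers declare TLS 1.3, 0 otherwise. */
int have_tls13(void) {
#ifdef TLS1_3_VERSION
  return 1;
#else
  return 0;
#endif
}

/* Highest protocol version these headers let the binding request. */
int max_proto_version(void) {
#ifdef TLS1_3_VERSION
  return TLS1_3_VERSION;
#else
  return TLS1_2_VERSION;
#endif
}

/* Reject a version the headers cannot express rather than silently
   downgrading it. Returns 0 and stores the version, or -1. */
int resolve_version(int requested, int *out) {
  if (requested > max_proto_version())
    return -1;
  *out = requested;
  return 0;
}

int main(void) {
  int v = 0;
  int rc = resolve_version(0x0304, &v); /* 0x0304 is the TLS 1.3 wire version */
  printf("TLS 1.3 in headers: %s\n", have_tls13() ? "yes" : "no");
  printf("max version: 0x%04x, request for TLS 1.3: %s\n",
         (unsigned)max_proto_version(), rc == 0 ? "accepted" : "rejected");
  return 0;
}
```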
