mirror of https://github.com/google/oss-fuzz.git
d4e8acd9ca
The certificate of https://gmplib.org/ has expired. The website displays the following message: ``` YES, THE CERTIFICATE IS EXPIRED. Sorry about that. We're working on the renewal process. Unfortunately, our SSL provider changes the renewal interface each year, and it is always a challenge to figure out what to do. Now the only actions are REGENERATE (actiually not, as the cert is expired), REVOKE (well, not desirable) and INTERMEDIATE CERTIFICATE (which is not an action but a thing, oh well. ``` But this is breaking a lot of builds and this still hasn't been fixed after a few days, so with this PR I'm instead downloading the libgmp source archive and bypass the certificate check and manually verify the sha256 hash of the downloaded file. Only the `cryptofuzz` and `bignum-fuzzer` projects ideally need to use the latest repository checkout, instead of a versioned source archive, because with these projects the aim is to find bugs in libgmp. In all other projects, libgmp only serves as an oracle, and using the latest stable version is fine. Once gmp fixes their certificate, I will revert `cryptofuzz` and `bignum-fuzzer` to use the repository again. For now it's ok to use the latest stable version. |
||
|---|---|---|
| .. | ||
| Dockerfile | ||
| bignum.options | ||
| build.sh | ||
| project.yaml | ||