Openssl: Bugs in compiling OpenSSL 3.0 Alpha1 within nginx
openssl 1.1.1g do well.
in OpenSSL 3.0 Alpha1:
cc -O3 -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -O3 -I src/core -I src/event -I src/event/modules -I src/os/unix -I src/http/modules/perl -I ../openssl-3.0.0-alpha1/.openssl/include -I /usr/include/libxml2 -I objs \
-o objs/src/event/ngx_event_openssl.o \
src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_client_certificate’:
src/event/ngx_event_openssl.c:881:5: error: ‘SSL_CTX_load_verify_locations’ is deprecated [-Werror=deprecated-declarations]
881 | if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
| ^~
In file included from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslv.h:109,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:11,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslconf.h:14,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:10,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:16,
from src/event/ngx_event_openssl.h:15,
from src/core/ngx_core.h:84,
from src/event/ngx_event_openssl.c:9:
../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:2028:29: note: declared here
2028 | DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:38:39: note: in definition of macro ‘DECLARE_DEPRECATE’
38 | # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
| ^
../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:2028:1: note: in expansion of macro ‘DEPRECATEDIN_3_0’
2028 | DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
| ^~~~~~~~~~~~~~~~
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_trusted_certificate’:
src/event/ngx_event_openssl.c:925:5: error: ‘SSL_CTX_load_verify_locations’ is deprecated [-Werror=deprecated-declarations]
925 | if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
| ^~
In file included from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslv.h:109,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:11,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslconf.h:14,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:10,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:16,
from src/event/ngx_event_openssl.h:15,
from src/core/ngx_core.h:84,
from src/event/ngx_event_openssl.c:9:
../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:2028:29: note: declared here
2028 | DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:38:39: note: in definition of macro ‘DECLARE_DEPRECATE’
38 | # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
| ^
../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:2028:1: note: in expansion of macro ‘DEPRECATEDIN_3_0’
2028 | DEPRECATEDIN_3_0(__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
| ^~~~~~~~~~~~~~~~
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_error’:
src/event/ngx_event_openssl.c:3039:13: error: ‘ERR_peek_error_line_data’ is deprecated [-Werror=deprecated-declarations]
3039 | n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
| ^
In file included from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslv.h:109,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:11,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslconf.h:14,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:10,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:16,
from src/event/ngx_event_openssl.h:15,
from src/core/ngx_core.h:84,
from src/event/ngx_event_openssl.c:9:
../openssl-3.0.0-alpha1/.openssl/include/openssl/err.h:303:32: note: declared here
303 | DEPRECATEDIN_3_0(unsigned long ERR_peek_error_line_data(const char **file,
| ^~~~~~~~~~~~~~~~~~~~~~~~
../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:38:39: note: in definition of macro ‘DECLARE_DEPRECATE’
38 | # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
| ^
../openssl-3.0.0-alpha1/.openssl/include/openssl/err.h:303:1: note: in expansion of macro ‘DEPRECATEDIN_3_0’
303 | DEPRECATEDIN_3_0(unsigned long ERR_peek_error_line_data(const char **file,
| ^~~~~~~~~~~~~~~~
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_session_ticket_key_callback’:
src/event/ngx_event_openssl.c:3949:9: error: ‘HMAC_Init_ex’ is deprecated [-Werror=deprecated-declarations]
3949 | if (HMAC_Init_ex(hctx, key[0].hmac_key, size, digest, NULL) != 1) {
| ^~
In file included from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslv.h:109,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:11,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslconf.h:14,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:10,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:16,
from src/event/ngx_event_openssl.h:15,
from src/core/ngx_core.h:84,
from src/event/ngx_event_openssl.c:9:
../openssl-3.0.0-alpha1/.openssl/include/openssl/hmac.h:39:22: note: declared here
39 | DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
| ^~~~~~~~~~~~
../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:38:39: note: in definition of macro ‘DECLARE_DEPRECATE’
38 | # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
| ^
../openssl-3.0.0-alpha1/.openssl/include/openssl/hmac.h:39:1: note: in expansion of macro ‘DEPRECATEDIN_3_0’
39 | DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
| ^~~~~~~~~~~~~~~~
src/event/ngx_event_openssl.c:3993:9: error: ‘HMAC_Init_ex’ is deprecated [-Werror=deprecated-declarations]
3993 | if (HMAC_Init_ex(hctx, key[i].hmac_key, size, digest, NULL) != 1) {
| ^~
In file included from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslv.h:109,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:11,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/opensslconf.h:14,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:10,
from ../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h:16,
from src/event/ngx_event_openssl.h:15,
from src/core/ngx_core.h:84,
from src/event/ngx_event_openssl.c:9:
../openssl-3.0.0-alpha1/.openssl/include/openssl/hmac.h:39:22: note: declared here
39 | DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
| ^~~~~~~~~~~~
../openssl-3.0.0-alpha1/.openssl/include/openssl/macros.h:38:39: note: in definition of macro ‘DECLARE_DEPRECATE’
38 | # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated));
| ^
../openssl-3.0.0-alpha1/.openssl/include/openssl/hmac.h:39:1: note: in expansion of macro ‘DEPRECATEDIN_3_0’
39 | DEPRECATEDIN_3_0(int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
| ^~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
make[1]: *** [objs/Makefile:994: objs/src/event/ngx_event_openssl.o] Error 1
make[1]: Leaving directory '/root/nginx-1.18.0'
make: *** [Makefile:8: build] Error 2
environment:
ubuntu 20.04
gcc-10
nginx-1.18.0
bash command:
./configure --prefix=/etc/nginx --with-openssl=../openssl-3.0.0-alpha1 --with-openssl-opt="enable-tls1_3 enable-tls1_2 enable-tls1 enable-ssl enable-ssl2 enable-ssl3 enable-ec_nistp_64_gcc_128 shared threads zlib-dynamic sctp" --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-pcre --with-libatomic --with-compat --with-cpp_test_module --with-google_perftools_module --with-file-aio --with-threads --with-poll_module --with-select_module --with-cc='cc -O3' --with-cc-opt=-O3
make
There is another bugs, and I have fixed it. The environment is the same. It is
gcc -Icrypto -I. -Iinclude -Iproviders/common/include -Iproviders/implementations/include -Icrypto/include -DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_BUILDING_OPENSSL -DOPENSSL_PIC -DOPENSSLDIR="\"/root/nginx-1.18.0/../openssl-3.0.0-alpha1/.openssl/ssl\"" -DENGINESDIR="\"/root/nginx-1.18.0/../openssl-3.0.0-alpha1/.openssl/lib/engines-3\"" -DMODULESDIR="\"/root/nginx-1.18.0/../openssl-3.0.0-alpha1/.openssl/lib/ossl-modules\"" -DZLIB -DZLIB_SHARED -DNDEBUG -MMD -MF crypto/libcrypto-lib-cversion.d.tmp -MT crypto/libcrypto-lib-cversion.o -c -o crypto/libcrypto-lib-cversion.o crypto/cversion.c
In file included from include/openssl/macros.h:11,
from include/openssl/opensslconf.h:14,
from include/openssl/macros.h:10,
from include/openssl/crypto.h:15,
from include/internal/cryptlib.h:23,
from crypto/cversion.c:10:
crypto/cversion.c: In function 'OpenSSL_version':
include/openssl/opensslv.h:91:54: error: expected ';' before numeric constant
91 | # define OPENSSL_VERSION_TEXT "OpenSSL 3.0.0-alpha1 "23 Apr 2020""
| ^~
crypto/cversion.c:50:16: note: in expansion of macro 'OPENSSL_VERSION_TEXT'
50 | return OPENSSL_VERSION_TEXT;
| ^~~~~~~~~~~~~~~~~~~~
make[3]: *** [Makefile:15691: crypto/libcrypto-lib-cversion.o] Error 1
make[3]: Leaving directory '/root/openssl-3.0.0-alpha1'
make[2]: *** [Makefile:3009: build_sw] Error 2
make[2]: Leaving directory '/root/openssl-3.0.0-alpha1'
make[1]: *** [objs/Makefile:2032: ../openssl-3.0.0-alpha1/.openssl/include/openssl/ssl.h] Error 2
make[1]: Leaving directory '/root/nginx-1.18.0'
make: *** [Makefile:8: build] Error 2
I check for include/openssl/opensslv.h, it seem like this
so I edit include/openssl/opensslv.h.in in line 91
from
# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
to
# define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version}" -}"
kirin10000
All 3 comments
A lot of functions have been deprecated for OpenSSL 3.0, see the [OpenSSL 3.0 Wiki Page]. Using deprecated functions normally only generates a warning, but the compiler wa instructed to treat warnings as errors (-Werror).
The last issue in opensslv.h.in is a known issue. For a workaround, see the [Installation and Compilation of OpenSSL 3.0] section in the Wiki Page
mspncp
on 27 Apr 2020
👍1
The last issue in opensslv.h.in is a known issue.
It took me a while to find it: it's issue #11618.
mspncp
on 27 Apr 2020
👍1
A lot of functions have been deprecated for OpenSSL 3.0, see the OpenSSL 3.0 Wiki Page. Using deprecated functions normally only generates a warning, but the compiler wa instructed to treat warnings as errors (
-Werror).The last issue in opensslv.h.in is a known issue. For a workaround, see the Installation and Compilation of OpenSSL 3.0 section in the Wiki Page
Thanks, successfully compiled nginx with OpenSSL 3.0 Alpha1 without -Werror.
kirin10000
on 27 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
Legends
·
3Comments
alexh-sauce
·
3Comments
p-mongo
·
3Comments
372979131
·
3Comments
phongpro1996
·
4Comments