Opened 2 years ago

Closed 2 years ago

#1611 closed defect (duplicate)

Compile error (Werror=incompatible-pointer-types) with LibreSSL 2.8.0

Reported by: Ruud van Asseldonk Owned by:
Priority: minor Milestone:
Component: other Version: 1.15.x
Keywords: Cc:
uname -a: Linux xps15 4.17.13-arch1-1-ARCH #1 SMP PREEMPT Mon Aug 6 23:06:31 UTC 2018 x86_64 GNU/Linux
nginx -V: Not applicable, but these are my configure flags:

--prefix=/nix/store/rhchv84gyqc9gcjzf8aizm2mjqbs8pf9-nginx-1.15.2 --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-threads --with-pcre-jit --add-module=ngx_brotli --group=nogroup --conf-path=/nix/store/av03qkmp7j6wal2ap9dy7dx687cclzlg-nginx.conf --pid-path=/dev/null --error-log-path=stderr --http-client-body-temp-path=/tmp/client_body_temp --http-fastcgi-temp-path=/tmp/fastcgi_temp --http-proxy-temp-path=/tmp/proxy_temp --http-scgi-temp-path=/tmp/scgi_temp --http-uwsgi-temp-path=/tmp/uwsgi_temp

Description

When compiling 1.15.2 with LibreSSL 2.8.0, I get the following warning as error:

src/event/ngx_event_openssl.c: In function 'ngx_ssl_session_cache':
src/event/ngx_event_openssl.c:2340:43: error: passing argument 2 of 'SSL_CTX_sess_set_get_cb' from incompatible pointer type [-Werror=incompatible-pointer-types]
         SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from src/event/ngx_event_openssl.h:15:0,
                 from src/core/ngx_core.h:83,
                 from src/event/ngx_event_openssl.c:9:
/nix/store/jqkvzab46b6dp64y7lz3m5qd8rk0j1ks-libressl-2.8.0-dev/include/openssl/ssl.h:729:6: note: expected 'SSL_SESSION * (*)(struct ssl_st *, const unsigned char *, int,  int *) {aka struct ssl_session_st * (*)(struct ssl_st *, const unsigned char *, int,  int *)}' but argument is of type 'SSL_SESSION * (*)(SSL *, u_char *, int,  int *) {aka struct ssl_session_st * (*)(struct ssl_st *, unsigned char *, int,  int *)}'
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
      ^~~~~~~~~~~~~~~~~~~~~~~

With nginx 1.14.0 and LibreSSL 2.8.0 I get the same error.
With nginx 1.14.0 and LibreSSL 2.7.4 I get no error,
and with nginx 1.15.2 and LibreSSL 2.7.4 I get no error either.

As far as I can tell, the difference is that an unsigned char* type is used where LibreSSL now expects a const unsigned char*.

The LibreSSL release notes for 2.8.0 [1] do mention:

Added const annotations to many existing APIs from OpenSSL, making
interoperability easier for downstream applications.

Is this something that could be corrected in nginx? Or is LibreSSL wrong to add the const annotation in this case?

[1]: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.8.0-relnotes.txt

Attachments (1)

nginx-libre.patch (856 bytes ) - added by Ruud van Asseldonk 2 years ago.

Download all attachments as: .zip

Change History (3)

by Ruud van Asseldonk, 2 years ago

Attachment: nginx-libre.patch added

comment:1 by Ruud van Asseldonk, 2 years ago

The attached patch resolves the issue for me. I verified that I could compile 1.15.2 with both LibreSSL 2.7.4 and 2.8.0 with this patch.

comment:2 by Maxim Dounin, 2 years ago

Resolution: duplicate
Status: newclosed

Duplicate of #1605.

Note: See TracTickets for help on using tickets.