id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1611	Compile error (Werror=incompatible-pointer-types) with LibreSSL 2.8.0	Ruud van Asseldonk		"When compiling 1.15.2 with LibreSSL 2.8.0, I get the following warning as error:

{{{
src/event/ngx_event_openssl.c: In function 'ngx_ssl_session_cache':
src/event/ngx_event_openssl.c:2340:43: error: passing argument 2 of 'SSL_CTX_sess_set_get_cb' from incompatible pointer type [-Werror=incompatible-pointer-types]
         SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from src/event/ngx_event_openssl.h:15:0,
                 from src/core/ngx_core.h:83,
                 from src/event/ngx_event_openssl.c:9:
/nix/store/jqkvzab46b6dp64y7lz3m5qd8rk0j1ks-libressl-2.8.0-dev/include/openssl/ssl.h:729:6: note: expected 'SSL_SESSION * (*)(struct ssl_st *, const unsigned char *, int,  int *) {aka struct ssl_session_st * (*)(struct ssl_st *, const unsigned char *, int,  int *)}' but argument is of type 'SSL_SESSION * (*)(SSL *, u_char *, int,  int *) {aka struct ssl_session_st * (*)(struct ssl_st *, unsigned char *, int,  int *)}'
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
      ^~~~~~~~~~~~~~~~~~~~~~~
}}}

With nginx 1.14.0 and LibreSSL 2.8.0 I get the same error.
With nginx 1.14.0 and LibreSSL 2.7.4 I get no error,
and with nginx 1.15.2 and LibreSSL 2.7.4 I get no error either.

As far as I can tell, the difference is that an unsigned char* type is used where LibreSSL now expects a const unsigned char*.

The LibreSSL release notes for 2.8.0 [1] do mention:

  Added const annotations to many existing APIs from OpenSSL, making
  interoperability easier for downstream applications.

Is this something that could be corrected in nginx? Or is LibreSSL wrong to add the const annotation in this case?

[1]: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.8.0-relnotes.txt"	defect	closed	minor		other	1.15.x	duplicate			Linux xps15 4.17.13-arch1-1-ARCH #1 SMP PREEMPT Mon Aug 6 23:06:31 UTC 2018 x86_64 GNU/Linux	"Not applicable, but these are my configure flags:

--prefix=/nix/store/rhchv84gyqc9gcjzf8aizm2mjqbs8pf9-nginx-1.15.2 --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --with-threads --with-pcre-jit --add-module=ngx_brotli --group=nogroup --conf-path=/nix/store/av03qkmp7j6wal2ap9dy7dx687cclzlg-nginx.conf --pid-path=/dev/null --error-log-path=stderr --http-client-body-temp-path=/tmp/client_body_temp --http-fastcgi-temp-path=/tmp/fastcgi_temp --http-proxy-temp-path=/tmp/proxy_temp --http-scgi-temp-path=/tmp/scgi_temp --http-uwsgi-temp-path=/tmp/uwsgi_temp"