Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#1964 closed defect (wontfix)

Bugs in compiling nginx with OpenSSL 3.0 Alpha1

Reported by: kirin10000@… Owned by:
Priority: major Milestone:
Component: nginx-module Version: 1.18.x
Keywords: bugs OpenSSL 3.0 Alpha1 Cc:
uname -a: 5.7.0-050700rc2-generic
nginx -V: nginx version: nginx/1.18.0
built by gcc 10.0.1 20200411 (experimental) [master revision bb87d5cc77d:75961caccb7:f883c46b4877f637e0fa5025b4d6b5c9040ec566] (Ubuntu 10-20200411-0ubuntu1)
built with OpenSSL 3.0.0-alpha1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-openssl=../openssl-3.0.0-alpha1 --with-openssl-opt='enable-tls1_3 enable-tls1_2 enable-tls1 enable-ssl enable-ssl2 enable-ssl3 enable-ec_nistp_64_gcc_128 shared threads zlib-dynamic sctp' --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-stream_ssl_preread_module --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-pcre --with-libatomic --with-compat --with-cpp_test_module --with-google_perftools_module --with-file-aio --with-threads --with-poll_module --with-select_module --with-cc-opt=-O3

Description (last modified by Maxim Dounin)

I meet some bugs when compiling nginx with OpenSSL 3.0 Alpha1. I report it to openssl github, it seems that it is nginx that use the functions which have been deprecated.
The bug report is very detailed in the report on github,so I will not copy it again here.

Change History (2)

comment:1 by Maxim Dounin, 4 years ago

Description: modified (diff)
Resolution: wontfix
Status: newclosed

There are two issues in the build log referenced:

  1. The bug in OpenSSL code which results in incorrect OPENSSL_VERSION_TEXT constant. This is to be addressed by the OpenSSL team.
  2. Various deprecations of OpenSSL library functions. These need changes in nginx. As a temporary workaround you may try configuring nginx with --with-cc-opt="-Wno-error".

Note well that there are also behaviour changes in the OpenSSL library which won't result in compilation failure, but will cause incorrect behaviour (for example, see here and here).

We'll consider introducing support for the new OpenSSL library. Note though that this is more likely to happen, if at all, once a release version is available.

comment:2 by Maxim Dounin, 3 years ago

See also #2143.

Note: See TracTickets for help on using tickets.