Opened 2 years ago
Closed 2 years ago
#2377 closed defect (invalid)
Issue compiling nginx-quic
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | http/3 | Version: | |
| Keywords: | Cc: | ||
| uname -a: | Linux centos 5.14.0-142.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Aug 4 18:15:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: | N/A | ||
Description
Hey guys,
I have been trying to compile nginx-quic using the instructions from the readme tab, I tried using BoringSSL and OpenSSL from https://github.com/quictls/openssl from 2 Linux boxes, one is an Ubuntu 22.04, the other is CentOS Stream 9, but it fails in both cases, this is the latest error I get:
nginx-quic/src/http/modules/ngx_http_ssl_module.c:763: undefined reference to `SSL_CTX_set_tlsext_servername_callback'
Any ideas what I can be missing?
Thanks.
Change History (3)
comment:1 by , 2 years ago
comment:2 by , 2 years ago
OK, I finally got it to compile in my Ubuntu Box, this is what it shows (same configure string as CentOS):
nginx version: nginx/1.23.1
built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1)
built with OpenSSL 3.0.5+quic 5 Jul 2022
TLS SNI support enabled
configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/iclude --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-openssl=../openssl
I have it onfigured this way:
server {
listen 443 ssl;
listen 443 http3 reuseport;
server_name localhost;
ssl_protocols TLSv1.3;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /var/www/html;
index index.html index.htm;
add_header Alt-Svc 'h3=":443"';
}
}
But when I visit it, the browser says it's HTTP/1.1, not HTTP/3.
Any idea what I might be missing?
comment:3 by , 2 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
So, there is no problem with compiling nginx. Closing this.
For the record, providing include and library paths by hand for your SSL library and using the --with-openssl option are implied to be mutually exclusive.
Testing with a browser is not the best way to know if HTTP/3 support is actually enabled, you may want to start with simple tools such as Curl.
If you need further help with configuring nginx, please use support options available.
SSL_CTX_set_tlsext_servername_callback API presents since OpenSSL 0.9.8 branch.
You need to provide more details, such as nginx configure string.