Opened 4 months ago

Closed 4 months ago

#2377 closed defect (invalid)

Issue compiling nginx-quic

Reported by: jfha73@… Owned by:
Priority: major Milestone:
Component: http/3 Version:
Keywords: Cc:
uname -a: Linux centos 5.14.0-142.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Aug 4 18:15:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: N/A

Description

Hey guys,

I have been trying to compile nginx-quic using the instructions from the readme tab, I tried using BoringSSL and OpenSSL from https://github.com/quictls/openssl from 2 Linux boxes, one is an Ubuntu 22.04, the other is CentOS Stream 9, but it fails in both cases, this is the latest error I get:

nginx-quic/src/http/modules/ngx_http_ssl_module.c:763: undefined reference to `SSL_CTX_set_tlsext_servername_callback'

Any ideas what I can be missing?

Thanks.

Change History (3)

comment:1 by Sergey Kandaurov, 4 months ago

SSL_CTX_set_tlsext_servername_callback API presents since OpenSSL 0.9.8 branch.
You need to provide more details, such as nginx configure string.

comment:2 by jfha73@…, 4 months ago

OK, I finally got it to compile in my Ubuntu Box, this is what it shows (same configure string as CentOS):

nginx version: nginx/1.23.1
built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1)
built with OpenSSL 3.0.5+quic 5 Jul 2022
TLS SNI support enabled
configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/iclude --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-openssl=../openssl

I have it onfigured this way:

server {

listen 443 ssl;
listen 443 http3 reuseport;
server_name localhost;

ssl_protocols TLSv1.3;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {

root /var/www/html;
index index.html index.htm;
add_header Alt-Svc 'h3=":443"';

}

}

But when I visit it, the browser says it's HTTP/1.1, not HTTP/3.

Any idea what I might be missing?

comment:3 by Sergey Kandaurov, 4 months ago

Resolution: invalid
Status: newclosed

So, there is no problem with compiling nginx. Closing this.

For the record, providing include and library paths by hand for your SSL library and using the --with-openssl option are implied to be mutually exclusive.

Testing with a browser is not the best way to know if HTTP/3 support is actually enabled, you may want to start with simple tools such as Curl.

If you need further help with configuring nginx, please use support options available.

Note: See TracTickets for help on using tickets.