Unable to build nginx with latests BoringSSL version

[iz8mbw@…]

Hello.
My system is Linux, Ubuntu 22.04, x86_64, gcc 12.3.0, OpenSSL system version 3.0.2.
I was able to build nginx with BoringSSL but since some days, using the latests version of BoringSSL, I cannot do it anymore.
I suppose this BoringSSL Commit create the issue: ​https://github.com/google/boringssl/commit/23824fa0fed94f4660ffafb15aaea8b317f2c8a6

In details, during Configure, it seems nginx is not able to detect OpenSSL:

adding module in /root/autobuild/ngx_http_substitutions_filter_module-master
 + ngx_http_subs_filter_module was configured
adding module in /root/autobuild/ngx_brotli
 + ngx_brotli was configured
checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found

/root/autobuild/nginx-1.25.4/configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

This is my configure:

configure --with-http_v3_module --with-cc-opt="-I/opt/boringsslnew/include" --with-ld-opt="-L/opt/boringsslnew/build/ssl -L/opt/boringsslnew/build/crypto"  --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=$path/ngx_http_substitutions_filter_module-master --add-module=$path/ngx_brotli

Instead, if I use an older version of BoringSSL (a version before 16 Feb 2024), I'm able to build it:

nginx version: nginx/1.25.4
built by gcc 12.3.0 (Ubuntu 12.3.0-1ubuntu1~22.04) 
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v3_module --with-cc-opt=-I/opt/boringssl/include --with-ld-opt='-L/opt/boringssl/build/ssl -L/opt/boringssl/build/crypto' --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=/root/autobuild/ngx_http_substitutions_filter_module-master --add-module=/root/autobuild/ngx_brotli

I hope there will be a fix.
Many thanks!

[Roman Arutyunyan]

Duplicate of #2605

[iz8mbw@…]

Hi all.
I was able to fix.
Since I would like to use the latest version of PCRE (and so not the PCRE version available into the Operating System), I normally configure/compile nginx by specify the source code on PCRE, I do this with

--with-pcre=/opt/pcre2_source_code

.

Since now we are "forcing" the nginx building with

--with-cc=c++

to fix the BoringSSL issues, I suppose this broke the building of PCRE.

So what I did is to build PCRE (before to build nginx) and after, when going to configure nginx, provide to nginx the path where find PCRE.

This is the part of "configure" about BoringSSL (previously built) and PCRE (previously built):

configure --with-cc=c++ --with-cc-opt="-I/opt/boringsslnew/include -I/opt/pcre2built/include -x c" --with-ld-opt="-L/opt/boringsslnew/build/ssl -L/opt/boringsslnew/build/crypto -L/opt/pcre2built/lib"

Regards.

[m.herasimovich]

Milestone renamed