Opened 9 months ago

Closed 9 months ago

Last modified 8 months ago

#2612 closed defect (duplicate)

Unable to build nginx with latests BoringSSL version

Reported by: iz8mbw@… Owned by:
Priority: major Milestone: nginx-1.26
Component: nginx-core Version: 1.25.x
Keywords: Cc: iz8mbw@…
uname -a: Linux ubuntu 6.5.0-21-generic #21~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Feb 9 13:32:52 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.25.4
built by gcc 12.3.0 (Ubuntu 12.3.0-1ubuntu1~22.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v3_module --with-cc-opt=-I/opt/boringssl/include --with-ld-opt='-L/opt/boringssl/build/ssl -L/opt/boringssl/build/crypto' --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=/root/autobuild/ngx_http_substitutions_filter_module-master --add-module=/root/autobuild/ngx_brotli

Description

Hello.
My system is Linux, Ubuntu 22.04, x86_64, gcc 12.3.0, OpenSSL system version 3.0.2.
I was able to build nginx with BoringSSL but since some days, using the latests version of BoringSSL, I cannot do it anymore.
I suppose this BoringSSL Commit create the issue: https://github.com/google/boringssl/commit/23824fa0fed94f4660ffafb15aaea8b317f2c8a6

In details, during Configure, it seems nginx is not able to detect OpenSSL:

adding module in /root/autobuild/ngx_http_substitutions_filter_module-master
 + ngx_http_subs_filter_module was configured
adding module in /root/autobuild/ngx_brotli
 + ngx_brotli was configured
checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found

/root/autobuild/nginx-1.25.4/configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

This is my configure:

configure --with-http_v3_module --with-cc-opt="-I/opt/boringsslnew/include" --with-ld-opt="-L/opt/boringsslnew/build/ssl -L/opt/boringsslnew/build/crypto"  --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=$path/ngx_http_substitutions_filter_module-master --add-module=$path/ngx_brotli

Instead, if I use an older version of BoringSSL (a version before 16 Feb 2024), I'm able to build it:

nginx version: nginx/1.25.4
built by gcc 12.3.0 (Ubuntu 12.3.0-1ubuntu1~22.04) 
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-http_ssl_module --with-http_v3_module --with-cc-opt=-I/opt/boringssl/include --with-ld-opt='-L/opt/boringssl/build/ssl -L/opt/boringssl/build/crypto' --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --user=www-data --group=www-data --with-debug --with-stream --with-http_v2_module --with-pcre=/opt/pcre2 --with-pcre-jit --with-http_perl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --add-module=/root/autobuild/ngx_http_substitutions_filter_module-master --add-module=/root/autobuild/ngx_brotli


I hope there will be a fix.
Many thanks!

Change History (3)

comment:1 by Roman Arutyunyan, 9 months ago

Resolution: duplicate
Status: newclosed

Duplicate of #2605

comment:2 by iz8mbw@…, 9 months ago

Hi all.
I was able to fix.
Since I would like to use the latest version of PCRE (and so not the PCRE version available into the Operating System), I normally configure/compile nginx by specify the source code on PCRE, I do this with

--with-pcre=/opt/pcre2_source_code

.

Since now we are "forcing" the nginx building with

--with-cc=c++

to fix the BoringSSL issues, I suppose this broke the building of PCRE.

So what I did is to build PCRE (before to build nginx) and after, when going to configure nginx, provide to nginx the path where find PCRE.

This is the part of "configure" about BoringSSL (previously built) and PCRE (previously built):

configure --with-cc=c++ --with-cc-opt="-I/opt/boringsslnew/include -I/opt/pcre2built/include -x c" --with-ld-opt="-L/opt/boringsslnew/build/ssl -L/opt/boringsslnew/build/crypto -L/opt/pcre2built/lib"

Regards.

Version 0, edited 9 months ago by iz8mbw@… (next)

comment:3 by m.herasimovich, 8 months ago

Milestone: nginx-1.25nginx-1.26

Milestone renamed

Note: See TracTickets for help on using tickets.