Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.4] tls: FTB with new openssl 1.1.0 #834

Closed
linuxmaniac opened this issue Oct 27, 2016 · 6 comments
Closed

[4.4] tls: FTB with new openssl 1.1.0 #834

linuxmaniac opened this issue Oct 27, 2016 · 6 comments

Comments

@linuxmaniac
Copy link
Member

Even with

commit b29217e8036ead0d09c52616000d6b68d4512f86
Author: Daniel-Constantin Mierla <miconda@gmail.com>
Date:   Thu Sep 15 19:33:04 2016 +0200

    auth_identity: still use ASN1_STRING_data() for libssl < v1.1.0

    - from libssl v1.1.0, ASN1_STRING_data() is deprecated, but before it
      doesn't exist
    - reported by Victor Seva, GH #685

    (cherry picked from commit 8a46f415fb13b76fa3b071eecd7dc0401f99759e)

commit 0f2a129e4f1790f8d6502ac224b480d60126fb09
Author: Daniel-Constantin Mierla <miconda@gmail.com>
Date:   Thu Sep 15 16:30:30 2016 +0200

    auth_identity: switched to use pointer of X509_STORE_CTX

    - starting with libssl 1.1.0 the size of X509_STORE_CTX is not known at
      compile time, throwing error:

    error: storage size of 'ca_ctx' isn't known
       X509_STORE_CTX ca_ctx;

    - reported by Victor Seva, GH #685

    (cherry picked from commit 46f0f1c0f492c45c1b1bbcfd4a0cc63eb56480ea)

apt-cache policy libssl-dev
libssl-dev:
  Installed: 1.1.0b-1
  Candidate: 1.1.0b-1
  Version table:
 *** 1.1.0b-1 100
        100 /var/lib/dpkg/status

every-module group_include=ktls
Makefile:56: modules.lst: No such file or directory
Makefile:107: config.mak: No such file or directory
target architecture <x86_64>, host architecture <x86_64>
making config...
saving modules list...
CC (gcc) [M auth_identity.so]       auth_http.o
CC (gcc) [M auth_identity.so]       auth_hdrs.o
CC (gcc) [M auth_identity.so]       auth_tables.o
CC (gcc) [M auth_identity.so]       auth_identity.o
CC (gcc) [M auth_identity.so]       auth_crypt.o
CC (gcc) [M auth_identity.so]       auth_dynstr.o
LD (gcc) [M auth_identity.so]       auth_identity.so
CC (gcc) [M crypto.so]      crypto_uuid.o
CC (gcc) [M crypto.so]      crypto_mod.o
crypto_mod.c: In function 'w_crypto_aes_encrypt':
crypto_mod.c:161:17: error: storage size of 'en' isn't known
  EVP_CIPHER_CTX en;
                 ^~
crypto_mod.c:161:17: warning: unused variable 'en' [-Wunused-variable]
crypto_mod.c: In function 'w_crypto_aes_decrypt':
crypto_mod.c:241:17: error: storage size of 'de' isn't known
  EVP_CIPHER_CTX de;
                 ^~
crypto_mod.c:241:17: warning: unused variable 'de' [-Wunused-variable]
crypto_mod.c: In function 'crypto_aes_test':
crypto_mod.c:436:17: error: storage size of 'en' isn't known
  EVP_CIPHER_CTX en, de;
                 ^~
crypto_mod.c:436:21: error: storage size of 'de' isn't known
  EVP_CIPHER_CTX en, de;
                     ^~
crypto_mod.c:436:21: warning: unused variable 'de' [-Wunused-variable]
crypto_mod.c:436:17: warning: unused variable 'en' [-Wunused-variable]
  EVP_CIPHER_CTX en, de;
                 ^~
../../Makefile.rules:97: recipe for target 'crypto_mod.o' failed
make[1]: *** [crypto_mod.o] Error 1
Makefile:511: recipe for target 'modules' failed
make: *** [modules] Error 1
@miconda
Copy link
Member

miconda commented Oct 27, 2016

crypto module should be fixed by 8d83571

@linuxmaniac
Copy link
Member Author 

commit f97df2e6d4b9c721c97bcbd3b5930530604a127a
Author: Daniel-Constantin Mierla <miconda@gmail.com>
Date:   Fri Sep 16 12:49:50 2016 +0200

    crypto: updated to be compatible with api from libssl v1.1.0

    (cherry picked from commit 8d83571658471f162e35cb54ba7e3baecbe7970d)

make  every-module group_include=ktls
Makefile:56: modules.lst: No such file or directory
Makefile:107: config.mak: No such file or directory
target architecture <x86_64>, host architecture <x86_64>
making config...
saving modules list...
CC (gcc) [M auth_identity.so]       auth_http.o
CC (gcc) [M auth_identity.so]       auth_hdrs.o
CC (gcc) [M auth_identity.so]       auth_tables.o
CC (gcc) [M auth_identity.so]       auth_identity.o
CC (gcc) [M auth_identity.so]       auth_crypt.o
CC (gcc) [M auth_identity.so]       auth_dynstr.o
LD (gcc) [M auth_identity.so]       auth_identity.so
CC (gcc) [M crypto.so]      crypto_uuid.o
CC (gcc) [M crypto.so]      crypto_mod.o
LD (gcc) [M crypto.so]      crypto.so
CC (gcc) [M tls.so]     tls_domain.o
tls_domain.c: In function 'setup_dh':
tls_domain.c:117:6: error: dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
    dh->p = BN_bin2bn(dh3072_p, sizeof(dh3072_p), NULL);
      ^~
tls_domain.c: In function 'sr_ssl_ctx_info_callback':
tls_domain.c:717:10: error: dereferencing pointer to incomplete type 'SSL {aka const struct ssl_st}'
   if (ssl->s3) {
          ^~
tls_domain.c: In function 'tls_ssl_ctx_set_freelist':
tls_domain.c:841:6: error: dereferencing pointer to incomplete type 'SSL_CTX {aka struct ssl_ctx_st}'
   ctx->freelist_max_len = val;
      ^~
tls_domain.c: In function 'tls_server_name_cb':
tls_domain.c:930:46: error: dereferencing pointer to incomplete type 'SSL {aka struct ssl_st}'
  SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
                                              ^~
../../Makefile.rules:97: recipe for target 'tls_domain.o' failed
make[1]: *** [tls_domain.o] Error 1
Makefile:511: recipe for target 'modules' failed
make: *** [modules] Error 1

@miconda
Copy link
Member

miconda commented Oct 27, 2016

tls module got two commits for it: ef02155 and fe99687

@linuxmaniac
Copy link
Member Author

Indeed. with those two It compiles

make  every-module group_include=ktls
make[1]: 'auth_identity.so' is up to date.
make[1]: 'crypto.so' is up to date.
CC (gcc) [M tls.so]     tls_domain.o
CC (gcc) [M tls.so]     tls_server.o
CC (gcc) [M tls.so]     tls_cfg.o
CC (gcc) [M tls.so]     tls_util.o
CC (gcc) [M tls.so]     tls_config.o
CC (gcc) [M tls.so]     tls_select.o
CC (gcc) [M tls.so]     tls_dump_vf.o
CC (gcc) [M tls.so]     tls_init.o
tls_init.c: In function 'init_ssl_methods':
tls_init.c:377:2: warning: 'TLSv1_client_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_cli - 1] = TLSv1_client_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1598:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */
 ^
tls_init.c:378:2: warning: 'TLSv1_server_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_srv - 1] = TLSv1_server_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1597:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */
 ^
tls_init.c:379:2: warning: 'TLSv1_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1 - 1] = TLSv1_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1596:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
 ^
tls_init.c:382:2: warning: 'TLSv1_1_client_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_1_cli - 1] = TLSv1_1_client_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1604:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */
 ^
tls_init.c:383:2: warning: 'TLSv1_1_server_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_1_srv - 1] = TLSv1_1_server_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1603:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */
 ^
tls_init.c:384:2: warning: 'TLSv1_1_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_1 - 1] = TLSv1_1_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1602:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
 ^
tls_init.c:388:2: warning: 'TLSv1_2_client_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_2_cli - 1] = TLSv1_2_client_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1610:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */
 ^
tls_init.c:389:2: warning: 'TLSv1_2_server_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_2_srv - 1] = TLSv1_2_server_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1609:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */
 ^
tls_init.c:390:2: warning: 'TLSv1_2_method' is deprecated [-Wdeprecated-declarations]
  ssl_methods[TLS_USE_TLSv1_2 - 1] = TLSv1_2_method();
  ^~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
                 from /usr/include/openssl/ssl.h:61,
                 from tls_init.c:45:
/usr/include/openssl/ssl.h:1608:1: note: declared here
 DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
 ^
CC (gcc) [M tls.so]     tls_locking.o
tls_locking.c:98:13: warning: 'locking_f' defined but not used [-Wunused-function]
 static void locking_f(int mode, int n, const char* file, int line)
             ^~~~~~~~~
tls_locking.c:83:13: warning: 'dyn_destroy_f' defined but not used [-Wunused-function]
 static void dyn_destroy_f(struct CRYPTO_dynlock_value *l,
             ^~~~~~~~~~~~~
tls_locking.c:65:13: warning: 'dyn_lock_f' defined but not used [-Wunused-function]
 static void dyn_lock_f(int mode, struct CRYPTO_dynlock_value* l,
             ^~~~~~~~~~
tls_locking.c:42:37: warning: 'dyn_create_f' defined but not used [-Wunused-function]
 static struct CRYPTO_dynlock_value* dyn_create_f(const char* file, int line)
                                     ^~~~~~~~~~~~
CC (gcc) [M tls.so]     tls_mod.o
CC (gcc) [M tls.so]     tls_bio.o
CC (gcc) [M tls.so]     tls_rpc.o
CC (gcc) [M tls.so]     tls_ct_wrq.o
CC (gcc) [M tls.so]     tls_verify.o
LD (gcc) [M tls.so]     tls.so

@linuxmaniac
Copy link
Member Author

Can I push all the these commits to 4.4?

@linuxmaniac
Copy link
Member Author

cherry-picked. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@linuxmaniac @miconda