ngx_http_lua_module.c SSL_CTX_sess_set_get_cb incompatible argument

[qingboy578]

when i install nginx-1.11.3 with openssl-1.1.0, lua-nginx-module-0.10.6, during the make phase, an error has occurred, how to deal with this error?

export LUAJIT_LIB=$target_path/luajit/lib
export LUAJIT_INC=$target_path/luajit/include/luajit-2.0
cd $src_path/nginx-1.11.3
./configure
--prefix=$target_path/nginx
--with-ld-opt="-Wl,--rpath='$$ORIGIN/../../luajit/lib'"
--with-http_gzip_static_module
--with-http_stub_status_module
--with-http_realip_module
--with-http_ssl_module
--with-openssl=$src_path/openssl-1.1.0
--with-pcre=$src_path/pcre-8.38
--with-zlib=$src_path/zlib-1.2.8
--add-module=$src_path/ngx_devel_kit-0.2.19
--add-module=$src_path/lua-nginx-module-0.10.6

make

---

cc1: warnings being treated as errors
/home/nginx/source/nginx/src/lua-nginx-module-0.10.6/src/ngx_http_lua_module.c: In function ‘ngx_http_lua_merge_srv_conf’:
/home/nginx/source/nginx/src/lua-nginx-module-0.10.6/src/ngx_http_lua_module.c:1004: error: passing argument 2 of ‘SSL_CTX_sess_set_get_cb’ from incompatible pointer type
make[1]: *** [objs/addon/src/ngx_http_lua_module.o] Error 1
make[1]: Leaving directory `/home/nginx/source/nginx/src/nginx-1.11.3'
make: *** [build] Error 2

[agentzh]

@qingboy578 I don't think OpenSSL 1.1.x is supported by this module yet. See #757 for more details.

[agentzh]

@qingboy578 The latest version of OpenSSL that is officially supported is 1.0.2h.

[qingboy578]

@agentzh thanks for your answer, by the way,is there any plan to support OpenSSL 1.1.x?
From a security point of view, 1.0.2h does not fix some loopholes which recently exposed such as CVE-2016-6302,CVE-2016-2181,CVE-2016-2179 , but 1.1.0 has fixed, however we can`t fix 1.0.2h by the patch of 1.1.0, because two versions of the code has changed dramatically!
Hope for your reply~

[agentzh]

@qingboy578 Yes, there is such plan.

[SmilingNavern]

+1 to this issue.

[agentzh]

OpenSSL 1.0.2j is released with the security fixes. So this is no longer urgent. OpenSSL 1.1 changes its internal infrastructure a lot so it deserves much longer time of API porting and testing.

[kcirrr]

Do you have an ETA on a fix?

[agentzh]

@kcirrr Just follow #757 and #761. There are still outstanding issues in OpenSSL 1.1.

I'm closing this. Since it's duplicate with #757.

[sunnybear]

Issue still exists with the latest git repo :(

[sunnybear]

.../lua-nginx-module/src/ngx_http_lua_module.c:1014:37: error: passing argument 2 of ‘SSL_CTX_sess_set_get_cb’ from incompatible pointer type [-Werror]
ngx_http_lua_ssl_sess_fetch_handler);

[agentzh]

@sunnybear Just use the OpenSSL 1.0.2 series instead. That series is still updating and is well tested and mature.

[Oranzh]

+1 to this issue.

[agentzh]

This has been fixed in master for long. And it is already included in tagged releases 1.10.12 and 1.10.13, as well as OpenResty 1.13.6.2 RC1.