grahamedgecombe / nginx-ct

Certificate Transparency module for nginx.
https://grahamedgecombe.com/projects/nginx-ct
ISC License

feedback #2

Closed hdatma closed 9 years ago

hdatma commented 9 years ago

```
/opt/src/nginx-ct-master/ngx_http_ssl_ct_module.c:167:9: warning: implicit declaration of function 'SSL_CTX_add_server_custom_ext' is invalid in C99 [-Wimplicit-function-declaration]
    if (SSL_CTX_add_server_custom_ext(ssl_conf->ssl.ctx, NGX_HTTP_SSL_CT_EXT,
        ^
1 warning generated.
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: .libs/libpcre.a(libpcre_la-pcre_string_utils.o) has no symbols
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/ranlib: file: .libs/libpcre.a(libpcre_la-pcre_string_utils.o) has no symbols
Undefined symbols for architecture x86_64:
  "_SSL_CTX_add_server_custom_ext", referenced from:
      _ngx_http_ssl_ct_merge_srv_conf in ngx_http_ssl_ct_module.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: * [objs/nginx] Error 1
make: * [build] Error 2
```

grahamedgecombe commented 9 years ago

What version of OpenSSL are you trying to build against? 1.0.2 or above is required, as older versions don't have the SSL_CTX_add_server_custom_ext function.

The instructions at http://www.certificate-transparency.org/resources-for-site-owners/nginx demonstrate how to build a newer version of OpenSSL alongside nginx.

hdatma commented 9 years ago

libressl 2.2.1

grahamedgecombe commented 9 years ago

Unfortunately LibreSSL doesn't appear to have the SSL_CTX_add_server_custom_ext function, presumably because it was forked from OpenSSL 1.0.1. (The function was introduced in 1.0.2.)

I don't think there's much I can do to work around this in nginx-ct - it needs the function to add the signed_certificate_timestamp TLS extension. You'll need to use OpenSSL 1.0.2, or hope that the LibreSSL developers add support for custom TLS extensions in a future version.
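An added example, not code from nginx-ct or from anyone in this thread: a build-time availability check for `SSL_CTX_add_server_custom_ext` that fails early instead of at link time. It shows why comparing `OPENSSL_VERSION_NUMBER` alone is not enough, since LibreSSL reports `0x20000000L` there. The function names and sample constants are constructed for illustration, and treating every LibreSSL release as lacking the function is an assumption based on the 2.2.1 case above.

```c
#include <stdio.h>

/* First OpenSSL release with SSL_CTX_add_server_custom_ext (1.0.2, per the thread). */
#define MIN_CUSTOM_EXT_VERSION 0x10002000UL

/* Constructed sample values, in the form <openssl/opensslv.h> defines them. */
#define SAMPLE_OPENSSL_1_0_1 0x1000100fUL
#define SAMPLE_OPENSSL_1_0_2 0x1000200fUL
/* LibreSSL sets OPENSSL_VERSION_NUMBER to this value regardless of its own release. */
#define SAMPLE_LIBRESSL      0x20000000UL

/* Version comparison alone: wrongly accepts LibreSSL. */
int naive_has_custom_ext(unsigned long openssl_version)
{
    return openssl_version >= MIN_CUSTOM_EXT_VERSION;
}

/* is_libressl stands in for defined(LIBRESSL_VERSION_NUMBER) in a real build.
 * Assumption: no LibreSSL release provides the function. */
int has_custom_ext(unsigned long openssl_version, int is_libressl)
{
    if (is_libressl)
        return 0;
    return openssl_version >= MIN_CUSTOM_EXT_VERSION;
}

/* The same logic as a preprocessor guard in a module source file:
 *
 *   #include <openssl/opensslv.h>
 *   #if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10002000L
 *   #error "SSL_CTX_add_server_custom_ext is unavailable in this TLS library"
 *   #endif
 */

int main(void)
{
    printf("OpenSSL 1.0.1: naive=%d guarded=%d\n",
           naive_has_custom_ext(SAMPLE_OPENSSL_1_0_1),
           has_custom_ext(SAMPLE_OPENSSL_1_0_1, 0));
    printf("OpenSSL 1.0.2: naive=%d guarded=%d\n",
           naive_has_custom_ext(SAMPLE_OPENSSL_1_0_2),
           has_custom_ext(SAMPLE_OPENSSL_1_0_2, 0));
    printf("LibreSSL:      naive=%d guarded=%d\n",
           naive_has_custom_ext(SAMPLE_LIBRESSL),
           has_custom_ext(SAMPLE_LIBRESSL, 1));
    return 0;
}
```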