search

grahamedgecombe / nginx-ct

Certificate Transparency module for nginx.
https://grahamedgecombe.com/projects/nginx-ct
ISC License
175 stars 27 forks source link

This doesn’t compile against OpenSSL 1.1.1 branch draft-18 of TLS 1.3 #24

Closed jonnybarnes closed 7 years ago

jonnybarnes commented 7 years ago

It gives this output:

make
make -f objs/Makefile
make[1]: Entering directory '/home/jonny/server-files/nginx/nginx-1.13.0'
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -Wno-deprecated-declarations -Wno-deprecated-declarations  -I src/core -I src/event -I src/event/modules -I src/os/unix -I /home/jonny/server-files/nginx/nginx-rtmp-module -I /home/jonny/server-files/pcre/pcre-8.40 -I /home/jonny/server-files/openssl/openssl-1.1.1-tls1.3-draft-18/.openssl/include -I /home/jonny/server-files/zlib/zlib-1.2.11 -I objs -I src/http -I src/http/modules -I src/http/v2 -I /home/jonny/server-files/nginx/ngx_brotli/deps/brotli/include \
    -o objs/addon/nginx-ct/ngx_ssl_ct_module.o \
    /home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_merge_srv_conf’:
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c:164:19: error: ‘SSL_EXT_CLIENT_HELLO’ undeclared (first use in this function)
     int context = SSL_EXT_CLIENT_HELLO
                   ^
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c:164:19: note: each undeclared identifier is reported only once for each function it appears in
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c:165:19: error: ‘SSL_EXT_TLS1_2_SERVER_HELLO’ undeclared (first use in this function)
                 | SSL_EXT_TLS1_2_SERVER_HELLO
                   ^
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c:166:19: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function)
                 | SSL_EXT_TLS1_3_CERTIFICATE;
                   ^
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c:167:5: error: implicit declaration of function ‘SSL_CTX_add_custom_ext’ [-Werror=implicit-function-declaration]
     if (SSL_CTX_add_custom_ext(ssl_ctx, NGX_SSL_CT_EXT, context,
     ^
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_ext_cb’:
/home/jonny/server-files/nginx/nginx-ct/ngx_ssl_ct_module.c:192:20: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function)
     if (context == SSL_EXT_TLS1_3_CERTIFICATE && chainidx != 0) {
                    ^
cc1: all warnings being treated as errors
objs/Makefile:1811: recipe for target 'objs/addon/nginx-ct/ngx_ssl_ct_module.o' failed
make[1]: *** [objs/addon/nginx-ct/ngx_ssl_ct_module.o] Error 1
make[1]: Leaving directory '/home/jonny/server-files/nginx/nginx-1.13.0'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2
grahamedgecombe commented 7 years ago

It only compiles against the master branch of OpenSSL.

The draft-18 branch doesn't support the new custom extension API, so the SCT extension wouldn't work in TLS 1.3 on the draft-18 branch anyway.

I don't think there's a way we can distinguish between draft-18 and master.

SoftCreatR commented 7 years ago

FYI: This works fine with draft-19, however Chrome & co. don't support draft 19 and above.

jonnybarnes commented 7 years ago

indeed, I’m waiting for the browsers to catch up before I try getting TLS1.3 support on my site again