search

grahamedgecombe / nginx-ct

Certificate Transparency module for nginx.
https://grahamedgecombe.com/projects/nginx-ct
ISC License
176 stars 29 forks source link

Building with nginx 13.3.3 #29

Closed Night1 closed 7 years ago

Night1 commented 7 years ago

Hey,

I tried to build new nginx with nginx-ct today and have been getting these errors:

../nginx-ct/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_merge_srv_conf’: ../nginx-ct/ngx_ssl_ct_module.c:164:19: error: ‘SSL_EXT_CLIENT_HELLO’ undeclared (first use in this function) int context = SSL_EXT_CLIENT_HELLO ^~~~~~~~~~~~~~~~~~~~ ../nginx-ct/ngx_ssl_ct_module.c:164:19: note: each undeclared identifier is reported only once for each function it appears in ../nginx-ct/ngx_ssl_ct_module.c:165:19: error: ‘SSL_EXT_TLS1_2_SERVER_HELLO’ undeclared (first use in this function) | SSL_EXT_TLS1_2_SERVER_HELLO ^~~~~~~~~~~~~~~~~~~~~~~~~~~ ../nginx-ct/ngx_ssl_ct_module.c:166:19: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function) | SSL_EXT_TLS1_3_CERTIFICATE; ^~~~~~~~~~~~~~~~~~~~~~~~~~ ../nginx-ct/ngx_ssl_ct_module.c:167:9: error: implicit declaration of function ‘SSL_CTX_add_custom_ext’ [-Werror=implicit-function-declaration] if (SSL_CTX_add_custom_ext(ssl_ctx, NGX_SSL_CT_EXT, context, ^~~~~~~~~~~~~~~~~~~~~~ ../nginx-ct/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_ext_cb’: ../nginx-ct/ngx_ssl_ct_module.c:192:20: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function) if (context == SSL_EXT_TLS1_3_CERTIFICATE && chainidx != 0) { ^~~~~~~~~~~~~~~~~~~~~~~~~~ cc1: all warnings being treated as errors objs/Makefile:1524: recipe for target 'objs/addon/nginx-ct/ngx_ssl_ct_module.o' failed make[1]: *** [objs/addon/nginx-ct/ngx_ssl_ct_module.o] Error 1

Same errror occurs on both dynamic and non dynamic module.

grahamedgecombe commented 7 years ago

Which version of OpenSSL are you using?

Night1 commented 7 years ago

Head from tls1.3-draft-18

grahamedgecombe commented 7 years ago

The draft-18 branch of OpenSSL doesn't support the new extension API. nginx-ct is only compatible with the master branch. (afaik there's no way to distinguish between draft-18 and master, and the extension won't work with TLS 1.3 on the draft-18 branch anyway.)

Night1 commented 7 years ago

Ah thank you for clarification, lets hope tle1.3 gets to past draft so that browsers will implement it, unlike now when browsers only support draft 18.