grahamedgecombe / nginx-ct

Certificate Transparency module for nginx.
https://grahamedgecombe.com/projects/nginx-ct
ISC License

Can't build with this module #31

Closed dateno1 closed 7 years ago

dateno1 commented 7 years ago

nginx 1.13.4 + openssl 1.1.1 draft 18 (for tls 1.3) + pcre 8.41 + nginx rtmp module

nginx-ct-master/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_merge_srv_conf’:
nginx-ct-master/ngx_ssl_ct_module.c:164:19: error: ‘SSL_EXT_CLIENT_HELLO’ undeclared (first use in this function)
     int context = SSL_EXT_CLIENT_HELLO
                   ^
nginx-ct-master/ngx_ssl_ct_module.c:164:19: note: each undeclared identifier is reported only once for each function it appears in
nginx-ct-master/ngx_ssl_ct_module.c:165:19: error: ‘SSL_EXT_TLS1_2_SERVER_HELLO’ undeclared (first use in this function)
                 | SSL_EXT_TLS1_2_SERVER_HELLO
                   ^
nginx-ct-master/ngx_ssl_ct_module.c:166:19: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function)
                 | SSL_EXT_TLS1_3_CERTIFICATE;
                   ^
nginx-ct-master/ngx_ssl_ct_module.c:167:9: error: implicit declaration of function ‘SSL_CTX_add_custom_ext’ [-Werror=implicit-function-declaration]
     if (SSL_CTX_add_custom_ext(ssl_ctx, NGX_SSL_CT_EXT, context,
         ^
nginx-ct-master/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_ext_cb’:
nginx-ct-master/ngx_ssl_ct_module.c:192:20: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function)
     if (context == SSL_EXT_TLS1_3_CERTIFICATE && chainidx != 0) {
                    ^
cc1: all warnings being treated as errors

It seems not to work with the new OpenSSL (1.1.1).

./configure --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-cc-opt='-g -O2 -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,--as-needed' --with-http_v2_module --with-http_slice_module --with-http_image_filter_module --with-http_secure_link_module --with-http_xslt_module --with-http_degradation_module --with-stream --with-stream_ssl_module --with-google_perftools_module --with-threads --with-openssl=openssl-1.1.1-tls1.3-draft-18 --with-openssl-opt=enable-tls1_3 --add-module=nginx-rtmp-module --add-module=nginx-ct-master --with-pcre=pcre-8.41

Compile options

grahamedgecombe commented 7 years ago

It only compiles against the master branch of OpenSSL.

The draft-18 branch doesn't support the new custom extension API, so the SCT extension wouldn't work in TLS 1.3 on the draft-18 branch anyway.
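
A pre-build check for the situation in this thread, as an added example that is not part of the issue or of nginx-ct: it scans the OpenSSL tree passed to `--with-openssl` for the four identifiers the compiler reported as undeclared. The function names, the `include/openssl/ssl.h` location and the two sample headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Symbols the compiler reported as undeclared in the build log above.
REQUIRED="SSL_CTX_add_custom_ext SSL_EXT_CLIENT_HELLO
SSL_EXT_TLS1_2_SERVER_HELLO SSL_EXT_TLS1_3_CERTIFICATE"

# missing_ct_symbols TREE
# Prints the required names absent from TREE/include/openssl/ssl.h.
# Returns 0 when all are present, 1 when some are missing, 2 when the
# header itself is absent (assumed path; adjust for your tree layout).
missing_ct_symbols() {
    header="$1/include/openssl/ssl.h"
    if [ ! -f "$header" ]; then
        echo "header-not-found"
        return 2
    fi
    missing=""
    for sym in $REQUIRED; do
        # -w matches whole identifiers only, so a longer name such as
        # SSL_EXT_TLS1_3_CERTIFICATE_REQUEST does not count as a hit.
        grep -qw -- "$sym" "$header" || missing="$missing $sym"
    done
    if [ -n "$missing" ]; then
        echo "${missing# }"
        return 1
    fi
    return 0
}

# make_sample_trees DIR: writes two constructed ssl.h files (not real
# OpenSSL headers) under DIR/old and DIR/new for a dry run.
make_sample_trees() {
    mkdir -p "$1/old/include/openssl" "$1/new/include/openssl"
    printf '%s\n' \
        'int SSL_CTX_add_server_custom_ext(void);' \
        '# define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST 0x4000' \
        > "$1/old/include/openssl/ssl.h"
    printf '%s\n' \
        'int SSL_CTX_add_custom_ext(void);' \
        '# define SSL_EXT_CLIENT_HELLO 0x0080' \
        '# define SSL_EXT_TLS1_2_SERVER_HELLO 0x0100' \
        '# define SSL_EXT_TLS1_3_CERTIFICATE 0x1000' \
        > "$1/new/include/openssl/ssl.h"
}

# Dry run on the constructed trees.
tmp=$(mktemp -d)
make_sample_trees "$tmp"
for t in old new; do
    if out=$(missing_ct_symbols "$tmp/$t"); then echo "$t: ok"
    else echo "$t: missing $out"; fi
done
rm -rf "$tmp"
```

Pointing `missing_ct_symbols` at the real source directory before running nginx's `./configure` turns the `-Werror` failure above into a one-line report of which identifiers the tree lacks.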