grahamedgecombe / nginx-ct

Certificate Transparency module for nginx.
https://grahamedgecombe.com/projects/nginx-ct
ISC License

Compile nginx (1.13.7) + openssl (tls1.3-draft-18) + nginx-ct #34

Closed kysil closed 6 years ago

kysil commented 6 years ago

Hi, any variants with existing temporary solutions lead to an error:

```
        -o objs/addon/ngx_ct/ngx_ssl_ct_module.o \
        /…/ngx_ct/ngx_ssl_ct_module.c
/…/ngx_ct/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_merge_srv_conf’:
/…/ngx_ct/ngx_ssl_ct_module.c:164:19: error: ‘SSL_EXT_CLIENT_HELLO’ undeclared (first use in this function)
     int context = SSL_EXT_CLIENT_HELLO
                   ^
/…/ngx_ct/ngx_ssl_ct_module.c:164:19: note: each undeclared identifier is reported only once for each function it appears in
/…/ngx_ct/ngx_ssl_ct_module.c:165:19: error: ‘SSL_EXT_TLS1_2_SERVER_HELLO’ undeclared (first use in this function)
                 | SSL_EXT_TLS1_2_SERVER_HELLO
                   ^
/…/ngx_ct/ngx_ssl_ct_module.c:166:19: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function)
                 | SSL_EXT_TLS1_3_CERTIFICATE;
                   ^
/…/ngx_ct/ngx_ssl_ct_module.c:167:5: warning: implicit declaration of function ‘SSL_CTX_add_custom_ext’ [-Wimplicit-function-declaration]
     if (SSL_CTX_add_custom_ext(ssl_ctx, NGX_SSL_CT_EXT, context,
     ^
/…/ngx_ct/ngx_ssl_ct_module.c: In function ‘ngx_ssl_ct_ext_cb’:
/…/ngx_ct/ngx_ssl_ct_module.c:192:20: error: ‘SSL_EXT_TLS1_3_CERTIFICATE’ undeclared (first use in this function)
     if (context == SSL_EXT_TLS1_3_CERTIFICATE && chainidx != 0) {
                    ^
make[1]: *** [objs/addon/ngx_ct/ngx_ssl_ct_module.o] Error 1
```

Has anyone found a solution? Tnx!

grahamedgecombe commented 6 years ago

nginx-ct only compiles against the master branch of OpenSSL.

The draft-18 branch doesn't support the new custom extension API, so the SCT extension wouldn't work in TLS 1.3 on the draft-18 branch anyway.
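
A pre-build check for the situation described in this reply, as an added example that is not part of the thread or of nginx-ct: it reports which of the custom extension API identifiers named in the compiler errors above are absent from an OpenSSL source tree. The function name, the `CT_API_SYMBOLS` variable and the header location `include/openssl/ssl.h` (or `ssl.h.in`) are assumptions.

```shell
#!/bin/sh
# Added example: pre-build check for the OpenSSL custom extension API that
# ngx_ssl_ct_module.c uses. Symbol names come from the compiler errors in this
# issue; the header path include/openssl/ssl.h (or ssl.h.in) is an assumption.

CT_API_SYMBOLS="SSL_EXT_CLIENT_HELLO SSL_EXT_TLS1_2_SERVER_HELLO SSL_EXT_TLS1_3_CERTIFICATE SSL_CTX_add_custom_ext"

# Print each required symbol that is missing from the tree at $1, one per line.
# Returns 0 if all are present, 1 if any is missing, 2 if no header is found.
missing_ct_api_symbols() {
    tree=$1
    hdr=
    for candidate in "$tree/include/openssl/ssl.h" "$tree/include/openssl/ssl.h.in"; do
        if [ -f "$candidate" ]; then hdr=$candidate; break; fi
    done
    if [ -z "$hdr" ]; then
        echo "no ssl.h under $tree/include/openssl" >&2
        return 2
    fi
    rc=0
    for sym in $CT_API_SYMBOLS; do
        # -w matches whole identifiers only, so SSL_EXT_TLS1_3_CERTIFICATE is
        # not satisfied by a longer name such as ..._CERTIFICATE_REQUEST.
        if ! grep -qw -- "$sym" "$hdr"; then
            echo "$sym"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh check_ct_api.sh /path/to/openssl-source
if [ "$#" -ge 1 ]; then
    if missing=$(missing_ct_api_symbols "$1"); then
        echo "OK: custom extension API found in $1"
    else
        echo "Cannot build nginx-ct against $1; missing:" >&2
        echo "$missing" >&2
        exit 1
    fi
fi
```

Running it against the OpenSSL tree passed to nginx's `--with-openssl=` option before `make` turns the undeclared-identifier errors into a single up-front message.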

lenovouser commented 6 years ago

@grahamedgecombe is this compatible with OpenSSL 1.1.1-pre6 or any version that was released on openssl.org/download and supports TLS 1.3?