kaltura / nginx-aws-auth-module

GNU Affero General Public License v3.0

OpenSSL 3 Support #19

Open markmeeus opened 1 year ago

markmeeus commented 1 year ago

Is there a plan to upgrade this module to use OpenSSL 3? The current code uses deprecated functions.

I'm trying to use this module in a debian:bookworm-slim Docker image, but I get deprecation errors.

Dockerfile

FROM debian:bookworm-slim

RUN apt update && apt upgrade -y
RUN apt install -y curl build-essential libssl-dev zlib1g-dev libpcre3 libpcre3-dev ffmpeg libavcodec-dev libavformat-dev libswscale-dev

RUN mkdir nginx nginx-vod-module nginx-aws-auth-module

RUN curl -sL https://nginx.org/download/nginx-1.16.1.tar.gz | tar -C nginx --strip 1 -xz
RUN curl -sL https://github.com/kaltura/nginx-vod-module/archive/refs/tags/1.31.tar.gz | tar -C nginx-vod-module --strip 1 -xz
RUN curl -sL https://github.com/kaltura/nginx-aws-auth-module/archive/refs/tags/1.1.tar.gz | tar -C nginx-aws-auth-module --strip 1 -xz

WORKDIR nginx

RUN ./configure --prefix=/usr/local/nginx \
    --add-module=../nginx-vod-module \
    --add-module=../nginx-aws-auth-module \
    --with-file-aio \
    --with-threads \
    --with-debug \
    --with-cc-opt="-O3"

RUN make
RUN make install

RUN rm -rf /usr/local/nginx/html /usr/local/nginx/conf/*.default

ENTRYPOINT ["/usr/local/nginx/sbin/nginx"]
CMD ["-g", "daemon off;"]

Building the image returns these errors:

#13 52.52   ../nginx-vod-module/vod/write_buffer_queue.c
#13 52.65 cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -O3  -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs -I src/http -I src/http/modules \
#13 52.65   -o objs/addon/nginx-aws-auth-module/ngx_http_aws_auth_module.o \
#13 52.65   ../nginx-aws-auth-module/ngx_http_aws_auth_module.c
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c: In function 'ngx_http_aws_auth_sha256_hex':
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:194:5: error: 'SHA256_Init' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   194 |     SHA256_Init(&sha256);
#13 52.75       |     ^~~~~~~~~~~
#13 52.75 In file included from ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:4:
#13 52.75 /usr/include/openssl/sha.h:73:27: note: declared here
#13 52.75    73 | OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
#13 52.75       |                           ^~~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:195:5: error: 'SHA256_Update' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   195 |     SHA256_Update(&sha256, message->data, message->len);
#13 52.75       |     ^~~~~~~~~~~~~
#13 52.75 /usr/include/openssl/sha.h:74:27: note: declared here
#13 52.75    74 | OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
#13 52.75       |                           ^~~~~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:196:5: error: 'SHA256_Final' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   196 |     SHA256_Final(hash, &sha256);
#13 52.75       |     ^~~~~~~~~~~~
#13 52.75 /usr/include/openssl/sha.h:76:27: note: declared here
#13 52.75    76 | OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
#13 52.75       |                           ^~~~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c: In function 'ngx_http_aws_auth_hmac_sha256':
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:213:5: error: 'HMAC_CTX_new' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   213 |     hmac = HMAC_CTX_new();
#13 52.75       |     ^~~~
#13 52.75 In file included from ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:5:
#13 52.75 /usr/include/openssl/hmac.h:33:33: note: declared here
#13 52.75    33 | OSSL_DEPRECATEDIN_3_0 HMAC_CTX *HMAC_CTX_new(void);
#13 52.75       |                                 ^~~~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:223:5: error: 'HMAC_Init_ex' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   223 |     HMAC_Init_ex(hmac, key->data, key->len, EVP_sha256(), NULL);
#13 52.75       |     ^~~~~~~~~~~~
#13 52.75 /usr/include/openssl/hmac.h:43:27: note: declared here
#13 52.75    43 | OSSL_DEPRECATEDIN_3_0 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
#13 52.75       |                           ^~~~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:224:5: error: 'HMAC_Update' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   224 |     HMAC_Update(hmac, message->data, message->len);
#13 52.75       |     ^~~~~~~~~~~
#13 52.75 /usr/include/openssl/hmac.h:45:27: note: declared here
#13 52.75    45 | OSSL_DEPRECATEDIN_3_0 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
#13 52.75       |                           ^~~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:225:5: error: 'HMAC_Final' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   225 |     HMAC_Final(hmac, dest->data, &hash_len);
#13 52.75       |     ^~~~~~~~~~
#13 52.75 /usr/include/openssl/hmac.h:47:27: note: declared here
#13 52.75    47 | OSSL_DEPRECATEDIN_3_0 int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
#13 52.75       |                           ^~~~~~~~~~
#13 52.75 ../nginx-aws-auth-module/ngx_http_aws_auth_module.c:227:5: error: 'HMAC_CTX_free' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
#13 52.75   227 |     HMAC_CTX_free(hmac);
#13 52.75       |     ^~~~~~~~~~~~~
#13 52.75 /usr/include/openssl/hmac.h:35:28: note: declared here
#13 52.75    35 | OSSL_DEPRECATEDIN_3_0 void HMAC_CTX_free(HMAC_CTX *ctx);

erankor commented 1 year ago

Hi, please try this branch #20

markmeeus commented 1 year ago

It does seem to compile and generate a header, but I wasn't able to get it working with my local minio. It kept refusing requests with 403 responses. This may not be related to this change, since I never tried the OpenSSL 1.1.1 version in this setup...