search

kjdev / nginx-auth-jwt

Nginx module for the authenticate using JWT
MIT License
27 stars 17 forks source link

undefined symbol: EVP_PKEY_get_utf8_string_param #11

Closed naa2298 closed 10 months ago

naa2298 commented 10 months ago

Hello... When I want load module from nginx.conf, test failed and I have this error "undefined symbol: EVP_PKEY_get_utf8_string_param" and I don´t know Why I can´t enable module. Do you know something why?

kjdev commented 10 months ago

It may depend on the version of OpenSSL.

Please provide build and runtime environment details.

The target seems to be a deprecated low-level key parameter getter function, so we will consider refactoring.

naa2298 commented 10 months ago

Hello! Thanks for answering. How do I give you build and runtime environnent? How do I see that?

kjdev commented 10 months ago

Please describe your environment (OS, library version, etc.) and the steps you took so that we can reproduce it.

naa2298 commented 10 months ago

Sorry for the delay, I've installed Jannson, everything ok. When I wanted to install nginx with module, this needed openssl. I install openssl with package downloaded from openssl.org, and don´t recognize. Then, I install libssl-dev and install nginx.

Debian GNU/Linux 11 (bullseye) nginx-1.25.3 jansson-2.14 libssl-dev/oldstable,now 1.1.1w openssl 3.2.0

kjdev commented 10 months ago

Is the version of libssl that nginx links to 1.1.1w?

Is the module built with OpenSSL 3.2.0 and executed with 1.1.1w? If so, of course it won't work.

naa2298 commented 10 months ago

After I've installed openssl 3.2.0, for built it asked me for openssl. Didn't recognize the installatio. Later, i've installed libssl from repositories and it proceed to built, to finish configure (./configure). I think that was configured with libssl-dev and not openssl 3.2.0. Do you recommend to build again?

kjdev commented 10 months ago

I assume you used libssl-dev instead of OpenSSL 3.2.0?

I would also like to know what you installed from where, as it seems to be different from the default package version. If possible, please provide (re-) build instructions.

kjdev commented 10 months ago

Are you sure you are not building with OpenSSL 3.2.0 and running with 1.1.1w ?

src/jwt/jwt-openssl.c :

    260 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
    261     char curve_name[64];
    262     size_t curve_name_len = 0;
    263     EC_GROUP *ecgroup;
    264
    265     if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, sizeof(curve_name), &curve_name_len))
    ...
    408 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
    409     char *curve_name[64];
    410     size_t curve_name_len = 0;
    411     EC_GROUP *ecgroup;
    412
    413     if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, (char *)curve_name, sizeof(curve_name), &curve_name_len))

EVP_PKEY_get_utf8_string_param() is only used with OpensSSL 3

naa2298 commented 10 months ago

I solved! I've uninstalled openssl 3.2.0 and re-compiled. The issue was solved. Later I wrote "load_module" at top of code out of http{}. Any error display. Thanks a lot for your advice and answering.