On 7/5/24 2:11 PM, Ruediger Pluem wrote:
>
>
> On 7/5/24 2:04 PM, Stefan Eissing via dev wrote:
>>
>>
>>> Am 05.07.2024 um 13:51 schrieb Ruediger Pluem <rpl...@apache.org>:
>>>
>>> I just noticed that mod_md in 2.4.61 fails to compile with openssl < 1.1.1.
>>> Below is the output against openssl 1.0.2 on RedHat 7:
>>>
>>> md_crypt.c: In function 'md_pkey_get_rsa_e64':
>>> md_crypt.c:982:5: warning: implicit declaration of function
>>> 'EVP_PKEY_get0_RSA' [-Wimplicit-function-declaration]
>>> const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
>>> ^
>>> md_crypt.c:982:22: warning: initialization makes pointer from integer
>>> without a cast [enabled by default]
>>> const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
>>> ^
>>> md_crypt.c: In function 'md_pkey_get_rsa_n64':
>>> md_crypt.c:1002:22: warning: initialization makes pointer from integer
>>> without a cast [enabled by default]
>>> const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
>>> ^
>>> md_crypt.c: In function 'md_cert_get_ct_scts':
>>> md_crypt.c:2071:5: error: unknown type name 'SCT'
>>> SCT *sct_handle;
>>> ^
>>> In file included from /usr/include/openssl/crypto.h:129:0,
>>> from /usr/include/openssl/bio.h:69,
>>> from /usr/include/openssl/err.h:124,
>>> from md_crypt.c:28:
>>> md_crypt.c:2084:29: error: 'SCT' undeclared (first use in this function)
>>> sct_handle = sk_SCT_value(sct_list, i);
>>> ^
>>> md_crypt.c:2084:29: note: each undeclared identifier is reported only once
>>> for each function it appears in
>>> md_crypt.c:2084:29: error: expected expression before ')' token
>>> sct_handle = sk_SCT_value(sct_list, i);
>>> ^
>>> md_crypt.c:2087:21: warning: implicit declaration of function
>>> 'SCT_get_version' [-Wimplicit-function-declaration]
>>> sct->version = SCT_get_version(sct_handle);
>>> ^
>>> md_crypt.c:2088:21: warning: implicit declaration of function
>>> 'SCT_get_timestamp' [-Wimplicit-function-declaration]
>>> sct->timestamp =
>>> apr_time_from_msec(SCT_get_timestamp(sct_handle));
>>> ^
>>> md_crypt.c:2089:21: warning: implicit declaration of function
>>> 'SCT_get0_log_id' [-Wimplicit-function-declaration]
>>> len = SCT_get0_log_id(sct_handle, (unsigned
>>> char**)&data);
>>> ^
>>> md_crypt.c:2091:21: warning: implicit declaration of function
>>> 'SCT_get_signature_nid' [-Wimplicit-function-declaration]
>>> sct->signature_type_nid =
>>> SCT_get_signature_nid(sct_handle);
>>> ^
>>> md_crypt.c:2092:21: warning: implicit declaration of function
>>> 'SCT_get0_signature' [-Wimplicit-function-declaration]
>>> len = SCT_get0_signature(sct_handle, (unsigned
>>> char**)&data);
>>> ^
>>> make[4]: *** [md_crypt.slo] Error 1
>>> make[4]: *** Waiting for unfinished jobs....
>>> make[4]: Leaving directory
>>> `/home/devil/rpmbuild/BUILD/WAO-apache-2.4.61/httpd-2.4.61/modules/md'
>>> make[3]: *** [shared-build-recursive] Error 1
>>> make[3]: Leaving directory
>>> `/home/devil/rpmbuild/BUILD/WAO-apache-2.4.61/httpd-2.4.61/modules/md'
>>> make[2]: *** [shared-build-recursive] Error 1
>>> make[2]: Leaving directory
>>> `/home/devil/rpmbuild/BUILD/WAO-apache-2.4.61/httpd-2.4.61/modules'
>>> make[1]: *** [shared-build-recursive] Error 1
>>> make[1]: Leaving directory
>>> `/home/devil/rpmbuild/BUILD/WAO-apache-2.4.61/httpd-2.4.61'
>>> make: *** [all-recursive] Error 1
>>>
>>> I am not sure if we can do without these functions or the SCT structure and
>>> in the end mod_md is still experimental for 2.4.x.
>>> But if we want to keep the code of mod_md as is in 2.4.x we probably should
>>> add checks in the autoconf stuff that prevents it
>>> from being enabled on openssl < 1.1.1.
>>
>> Ok, the code is from 2019, meaning we did not have that combination working
>> for a long time. I think checking the openssl version in configure seems the
>> best approach.
>
> I guess r1918195 in 2.4.x is the culprit which changed defines in the code as
> I was able to compile 2.4.59 with Openssl 1.0.2 and
> mod_md.
Let me investigate deeper.
Regards
RĂ¼diger
