https://bz.apache.org/bugzilla/show_bug.cgi?id=64419

Michael Osipov <micha...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |a...@freebsd.org,
                   |                            |micha...@apache.org,
                   |                            |rainer.j...@kippdata.de

--- Comment #3 from Michael Osipov <micha...@apache.org> ---
OK, there are several issues here. They aren't FreeBSD-specific; the underlying
issue is the incomplete LibreSSL coverage:

> ./include/ssl_private.h:220:9: warning: 'OPENSSL_VERSION' macro redefined 
> [-Wmacro-redefined]
> #define OPENSSL_VERSION                  SSLEAY_VERSION
>         ^
> /usr/local/include/openssl/crypto.h:329:9: note: previous definition is here
> #define OPENSSL_VERSION         0
>         ^

The ifdef around this block assumes that LibreSSL at some point did not have
these definitions.

> src/ssl.c:301:9: warning: implicit declaration of function 
> 'SSL_CTX_set_keylog_callback' is invalid in C99
>       [-Wimplicit-function-declaration]
>         SSL_CTX_set_keylog_callback(ctx, ssl_keylog_callback);
>         ^

LibreSSL does not support this. This patch solves the issue:
> diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
> index d88e393d..26495e46 100644
> --- a/native/include/ssl_private.h
> +++ b/native/include/ssl_private.h
> @@ -241,7 +241,7 @@
>  #define TLS_server_method                SSLv23_server_method
>  #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER) */
> 
> -#if OPENSSL_VERSION_NUMBER >= 0x10101000L
> +#if OPENSSL_VERSION_NUMBER >= 0x10101000L && 
> !defined(LIBRESSL_VERSION_NUMBER)
>  #define HAVE_KEYLOG_CALLBACK
>  #endif
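Review bot: The added `!defined(LIBRESSL_VERSION_NUMBER)` term has no comment saying why it is needed, and the reason is not obvious from the guard. LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so the `>= 0x10101000L` test alone passes even though the library has no `SSL_CTX_set_keylog_callback` (the implicit-declaration warning at src/ssl.c:301 quoted earlier in this comment). I would add `/* LibreSSL reports 0x20000000L but has no SSL_CTX_set_keylog_callback() */` above the `#if`. A vendor test also keeps the feature off if a later LibreSSL gains the function; a configure-time check for the symbol that defines `HAVE_KEYLOG_CALLBACK` would track the feature itself. Because the mismatch surfaced only as a warning, building with `-Werror=implicit-function-declaration` would turn this class of problem into a build failure instead of a call through an undeclared prototype.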

> src/ssl.c:789:41: error: use of undeclared identifier 'thread_exit_key'; did 
> you mean 'pthread_exit'?
>     err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
>                                         ^~~~~~~~~~~~~~~
>                                         pthread_exit
> /usr/include/pthread.h:215:7: note: 'pthread_exit' declared here
> void            pthread_exit(void *) __dead2;
>                 ^
> src/ssl.c:789:58: error: use of undeclared identifier '_ssl_thread_exit'
>     err = apr_threadkey_private_create(&thread_exit_key, _ssl_thread_exit,
>                                                          ^
> src/ssl.c:796:5: error: use of undeclared identifier 'threadkey_initialized'
>     threadkey_initialized = 1;
>     ^
> src/ssl.c:799:5: warning: implicit declaration of function 'ssl_thread_setup' 
> is invalid in C99
>       [-Wimplicit-function-declaration]
>     ssl_thread_setup(tcn_global_pool);
>     ^

As sad as it seems, with the ifdefs around threaded init and OpenSSL 1.1.0+, the
coverage of LibreSSL seems to be incomplete because LibreSSL reports OpenSSL
version 0.

To solve this properly, we need to do the following:

* Require a minimum LibreSSL version
* Test for that LibreSSL version in ./configure
* Figure out whether LibreSSL inits threading itself like OpenSSL 1.1.0+
* Revise code blocks for LibreSSL compat:
> [mosipov@mika-ion ~/Projekte/tomcat-native/native]$ grep -r 
> "OPENSSL_VERSION_NUMBER < 0x10100000L" .
> ./include/ssl_private.h:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./include/ssl_private.h:#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER) */
> ./include/ssl_private.h:#if (OPENSSL_VERSION_NUMBER < 0x10100000L) && ! 
> (defined(WIN32) || defined(WIN64))
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L && ! (defined(WIN32) || 
> defined(WIN64))
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/ssl.c:#if !defined(OPENSSL_NO_ENGINE) || OPENSSL_VERSION_NUMBER < 
> 0x10100000L
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/ssl.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/sslcontext.c:#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#else /* if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER) */
> ./src/sslcontext.c:#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
> ./src/sslcontext.c:#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/sslcontext.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/sslinfo.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L || 
> defined(LIBRESSL_VERSION_NUMBER)
> ./src/sslutils.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
> ./src/sslutils.c:#if OPENSSL_VERSION_NUMBER < 0x10100000L
