tried compile 1.7.1 with boringssl, but seems not work, error like below:
In file included from src/ssl_sock.c:87:0:
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_CERTID’
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const
OCSP_SINGLERESP *single)
^
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_SINGLERESP’
include/proto/openssl-compat.h: In function ‘OCSP_SINGLERESP_get0_id’:
include/proto/openssl-compat.h:109:15: error: request for member
‘certId’ in something not a structure or union
return single->certId;
^
src/ssl_sock.c: In function ‘ssl_sock_bind_verifycbk’:
src/ssl_sock.c:1070:4: warning: implicit declaration of function
‘ssl_sock_dump_errors’ [-Wimplicit-function-declaration]
ssl_sock_dump_errors(conn);
^
src/ssl_sock.c: In function ‘ssl_sock_do_create_cert’:
src/ssl_sock.c:1241:3: warning: implicit declaration of function
‘X509V3_EXT_conf’ [-Wimplicit-function-declaration]
if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i],
x509v3_ext_values[i])))
^
src/ssl_sock.c:1241:13: warning: assignment makes pointer from integer
without a cast [enabled by default]
if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i],
x509v3_ext_values[i])))
^
src/ssl_sock.c:1252:2: warning: implicit declaration of function
‘EVP_PKEY_base_id’ [-Wimplicit-function-declaration]
key_type = EVP_PKEY_base_id(capkey);
^
src/ssl_sock.c:1264:3: warning: implicit declaration of function
‘EVP_PKEY_get_default_digest_nid’ [-Wimplicit-function-declaration]
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
^
src/ssl_sock.c: In function ‘ssl_sock_prepare_ctx’:
src/ssl_sock.c:2720:3: warning: implicit declaration of function
‘SSL_CTX_set_ssl_version’ [-Wimplicit-function-declaration]
SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
^
src/ssl_sock.c:2786:46: error: ‘ssl_tlsext_ticket_key_cb’ undeclared
(first use in this function)
if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
^
src/ssl_sock.c:2786:46: note: each undeclared identifier is reported
only once for each function it appears in
src/ssl_sock.c:2820:13: warning: assignment discards ‘const’ qualifier
from pointer target type [enabled by default]
cipher = sk_SSL_CIPHER_value(ciphers, idx);
^
src/ssl_sock.c:2874:2: warning: passing argument 2 of
‘SSL_CTX_set_tlsext_servername_callback’ from incompatible pointer
type [enabled by default]
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
^
In file included from src/ssl_sock.c:43:0:
/build/boringssl/include/openssl/ssl.h:2357:20: note: expected ‘int
(*)(struct SSL *, int *, void *)’ but argument is of type ‘int
(*)(struct SSL *, int *, struct bind_conf *)’
OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
^
src/ssl_sock.c: In function ‘ssl_sock_handshake’:
src/ssl_sock.c:3531:48: error: ‘SSL’ has no member named ‘packet_length’
empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
^
src/ssl_sock.c:3609:46: error: ‘SSL’ has no member named ‘packet_length’
empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
^
make: *** [src/ssl_sock.o] Error 1
On Mon, Aug 18, 2014 at 6:56 AM, Lukas Tribus <luky...@hotmail.com> wrote:
> Google's boringssl doesn't currently support OCSP, so
> disable it if detected.
>
> OCSP support may be reintroduced as per:
> https://code.google.com/p/chromium/issues/detail?id=398677
>
> In that case we can simply revert this commit.
>
> Signed-off-by: Lukas Tribus <luky...@hotmail.com>
> ---
> include/proto/ssl_sock.h | 2 +-
> src/dumpstats.c | 2 +-
> src/ssl_sock.c | 6 +++---
> 3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
> index 3e111cd..6362953 100644
> --- a/include/proto/ssl_sock.h
> +++ b/include/proto/ssl_sock.h
> @@ -54,7 +54,7 @@ char *ssl_sock_get_version(struct connection *conn);
> int ssl_sock_get_cert_used(struct connection *conn);
> int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk
> *out);
> unsigned int ssl_sock_get_verify_result(struct connection *conn);
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
> #endif
>
> diff --git a/src/dumpstats.c b/src/dumpstats.c
> index 5365042..3855e09 100644
> --- a/src/dumpstats.c
> +++ b/src/dumpstats.c
> @@ -1794,7 +1794,7 @@ static int stats_sock_parse_request(struct
> stream_interface *si, char *line)
> #ifdef USE_OPENSSL
> else if (strcmp(args[1], "ssl") == 0) {
> if (strcmp(args[2], "ocsp-response") == 0) {
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> char *err = NULL;
>
> /* Expect one parameter: the new response in
> base64 encoding */
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index cf8adc7..e53e3bd 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -44,7 +44,7 @@
> #include <openssl/x509.h>
> #include <openssl/err.h>
> #include <openssl/rand.h>
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> #include <openssl/ocsp.h>
> #endif
>
> @@ -112,7 +112,7 @@ static DH *local_dh_4096 = NULL;
> static DH *local_dh_8192 = NULL;
> #endif /* OPENSSL_NO_DH */
>
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> struct certificate_ocsp {
> struct ebmb_node key;
> unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
> @@ -1282,7 +1282,7 @@ static int ssl_sock_load_cert_file(const char *path,
> struct bind_conf *bind_conf
> }
> #endif
>
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> ret = ssl_sock_load_ocsp(ctx, path);
> if (ret < 0) {
> if (err)
> --
> 1.9.1
>
>
