I tried to compile 1.7.1 with BoringSSL, but it does not seem to work; the errors are below:

In file included from src/ssl_sock.c:87:0:
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_CERTID’
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
^
include/proto/openssl-compat.h:107:1: error: unknown type name ‘OCSP_SINGLERESP’
include/proto/openssl-compat.h: In function ‘OCSP_SINGLERESP_get0_id’:
include/proto/openssl-compat.h:109:15: error: request for member ‘certId’ in something not a structure or union
return single->certId;
^
src/ssl_sock.c: In function ‘ssl_sock_bind_verifycbk’:
src/ssl_sock.c:1070:4: warning: implicit declaration of function ‘ssl_sock_dump_errors’ [-Wimplicit-function-declaration]
ssl_sock_dump_errors(conn);
^
src/ssl_sock.c: In function ‘ssl_sock_do_create_cert’:
src/ssl_sock.c:1241:3: warning: implicit declaration of function ‘X509V3_EXT_conf’ [-Wimplicit-function-declaration]
if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
^
src/ssl_sock.c:1241:13: warning: assignment makes pointer from integer without a cast [enabled by default]
if (!(ext = X509V3_EXT_conf(NULL, &ctx, x509v3_ext_names[i], x509v3_ext_values[i])))
^
src/ssl_sock.c:1252:2: warning: implicit declaration of function ‘EVP_PKEY_base_id’ [-Wimplicit-function-declaration]
key_type = EVP_PKEY_base_id(capkey);
^
src/ssl_sock.c:1264:3: warning: implicit declaration of function ‘EVP_PKEY_get_default_digest_nid’ [-Wimplicit-function-declaration]
if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)
^
src/ssl_sock.c: In function ‘ssl_sock_prepare_ctx’:
src/ssl_sock.c:2720:3: warning: implicit declaration of function ‘SSL_CTX_set_ssl_version’ [-Wimplicit-function-declaration]
SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
^
src/ssl_sock.c:2786:46: error: ‘ssl_tlsext_ticket_key_cb’ undeclared (first use in this function)
if (!SSL_CTX_set_tlsext_ticket_key_cb(ctx, ssl_tlsext_ticket_key_cb)) {
^
src/ssl_sock.c:2786:46: note: each undeclared identifier is reported only once for each function it appears in
src/ssl_sock.c:2820:13: warning: assignment discards ‘const’ qualifier from pointer target type [enabled by default]
cipher = sk_SSL_CIPHER_value(ciphers, idx);
^
src/ssl_sock.c:2874:2: warning: passing argument 2 of ‘SSL_CTX_set_tlsext_servername_callback’ from incompatible pointer type [enabled by default]
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
^
In file included from src/ssl_sock.c:43:0:
/build/boringssl/include/openssl/ssl.h:2357:20: note: expected ‘int (*)(struct SSL *, int *, void *)’ but argument is of type ‘int (*)(struct SSL *, int *, struct bind_conf *)’
OPENSSL_EXPORT int SSL_CTX_set_tlsext_servername_callback(
^
src/ssl_sock.c: In function ‘ssl_sock_handshake’:
src/ssl_sock.c:3531:48: error: ‘SSL’ has no member named ‘packet_length’
empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
^
src/ssl_sock.c:3609:46: error: ‘SSL’ has no member named ‘packet_length’
empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
^
make: *** [src/ssl_sock.o] Error 1
On Mon, Aug 18, 2014 at 6:56 AM, Lukas Tribus <luky...@hotmail.com> wrote:
> Google's boringssl doesn't currently support OCSP, so
> disable it if detected.
>
> OCSP support may be reintroduced as per:
> https://code.google.com/p/chromium/issues/detail?id=398677
>
> In that case we can simply revert this commit.
>
> Signed-off-by: Lukas Tribus <luky...@hotmail.com>
> ---
> include/proto/ssl_sock.h | 2 +-
> src/dumpstats.c | 2 +-
> src/ssl_sock.c | 6 +++---
> 3 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
> index 3e111cd..6362953 100644
> --- a/include/proto/ssl_sock.h
> +++ b/include/proto/ssl_sock.h
> @@ -54,7 +54,7 @@ char *ssl_sock_get_version(struct connection *conn);
> int ssl_sock_get_cert_used(struct connection *conn);
> int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk
> *out);
> unsigned int ssl_sock_get_verify_result(struct connection *conn);
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err);
> #endif
>
> diff --git a/src/dumpstats.c b/src/dumpstats.c
> index 5365042..3855e09 100644
> --- a/src/dumpstats.c
> +++ b/src/dumpstats.c
> @@ -1794,7 +1794,7 @@ static int stats_sock_parse_request(struct
> stream_interface *si, char *line)
> #ifdef USE_OPENSSL
> else if (strcmp(args[1], "ssl") == 0) {
> if (strcmp(args[2], "ocsp-response") == 0) {
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> char *err = NULL;
>
> /* Expect one parameter: the new response in
> base64 encoding */
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index cf8adc7..e53e3bd 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -44,7 +44,7 @@
> #include <openssl/x509.h>
> #include <openssl/err.h>
> #include <openssl/rand.h>
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> #include <openssl/ocsp.h>
> #endif
>
> @@ -112,7 +112,7 @@ static DH *local_dh_4096 = NULL;
> static DH *local_dh_8192 = NULL;
> #endif /* OPENSSL_NO_DH */
>
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> struct certificate_ocsp {
> struct ebmb_node key;
> unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
> @@ -1282,7 +1282,7 @@ static int ssl_sock_load_cert_file(const char *path,
> struct bind_conf *bind_conf
> }
> #endif
>
> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB
> +#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined
> OPENSSL_IS_BORINGSSL)
> ret = ssl_sock_load_ocsp(ctx, path);
> if (ret < 0) {
> if (err)
> --
> 1.9.1
>
>
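Review bot: In the last ssl_sock.c hunk (inside ssl_sock_load_cert_file) the call `ssl_sock_load_ocsp(ctx, path)` is compiled out under BoringSSL with nothing visible in its place, so a build against BoringSSL would, as far as the hunk shows, stop stapling OCSP responses without telling the operator; that is a silent loss of revocation information and matters most for certificates that require a stapled response. I would state this at the guard, for example `/* BoringSSL has no OCSP support: stapling is disabled in this build */`, and consider emitting a startup warning in the disabled case. The same compound condition is repeated five times across three files (the two earlier ssl_sock.c hunks, ssl_sock.h and dumpstats.c); defining it once in a shared header under a single feature macro would keep the guards from drifting apart and make the announced revert a one-line change. The build log earlier on this page also shows OCSP types used in include/proto/openssl-compat.h, which none of these guards cover, so that header presumably needs the same condition. The function body starts and ends outside the hunk, so whether an `#else` branch already reports the missing feature cannot be confirmed from here.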