Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.

[Alejandro Colomar]

Hi Sergey,

On 9/8/22 13:31, Sergey Kandaurov wrote:

details:   https://hg.nginx.org/nginx/rev/ba5cf8f73a2d
branches:
changeset: 8070:ba5cf8f73a2d
user:      Sergey Kandaurov <pluk...@nginx.com>
date:      Thu Sep 08 13:53:49 2022 +0400
description:
SSL: silenced GCC warnings when building with BoringSSL.

BoringSSL uses macro stub for SSL_CTX_set_ecdh_auto that expands to 1,
which triggers -Wunused-value "statement with no effect" warnings.

I think this workaround is incorrect, and the problem is in the buildsystem.

See gcc(1):

       -I dir
       -iquote dir
       -isystem dir
       -idirafter dir
           ...

           You can use -I to  override  a  system  header  file,
           substituting    your   own   version,   since   these
           directories are searched before the  standard  system
           header file directories.  However, you should not use
           this  option  to add directories that contain vendor‐
           supplied system header files; use -isystem for that.

           The -isystem and -idirafter  options  also  mark  the
           directory  as a system directory, so that it gets the
           same  special  treatment  that  is  applied  to   the
           standard system directories.

           ...






$ tree
.
├── include
│   └── one.h
└── main.c

1 directory, 2 files
$
$ cat include/one.h
#define ONE()  1
$
$ cat main.c
#include <one.h>

int
main(void)
{
        ONE();

        return 0;
}
$
$ gcc -Wall -Wextra -isystem./include main.c
$
$ clang -Weverything -isystem./include main.c
$
$ gcc -Wall -Wextra -I./include main.c
In file included from main.c:1:
main.c: In function ‘main’:
./include/one.h:1:16: warning: statement with no effect [-Wunused-value]
    1 | #define ONE()  1
      |                ^
main.c:6:9: note: in expansion of macro ‘ONE’
    6 |         ONE();
      |         ^~~
$
$ clang -Weverything -I./include main.c
$




Cheers,

Alex

Basically, -isystem works as -I, but disables warnings caused by system headers. With that flag, I don't get any warnings in the following simple reproducer (a bit weird is that clang doesn't get a warning even with -I): Of course, this is considering that you normally don't want to get warnings from dubious system headers, which normally should be the case in user applications, but you may legitimately doubt the correctness of some dependencies, and may want to see the warnings...

diffstat:

  src/event/ngx_event_openssl.c |  2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r a423e314c22f -r ba5cf8f73a2d src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Wed Sep 07 00:47:31 2022 +0300
+++ b/src/event/ngx_event_openssl.c     Thu Sep 08 13:53:49 2022 +0400
@@ -1428,7 +1428,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_s

      /* not needed in OpenSSL 1.1.0+ */
-    SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
+    (void) SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
  #endif

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org

#ifdef SSL_CTRL_SET_ECDH_AUTO if (ngx_strcmp(name->data, "auto") == 0) {

--
<http://www.alejandro-colomar.es/>

OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org