Hello!

On Tue, Sep 06, 2022 at 03:35:20PM +0400, Sergey Kandaurov wrote:
> > On 6 Sep 2022, at 07:49, Maxim Dounin <mdou...@mdounin.ru> wrote:
> >
> > Hello!
> >
> > On Mon, Sep 05, 2022 at 10:44:06PM +0400, Sergey Kandaurov wrote:
> >
> >>> On 1 Sep 2022, at 20:49, Maxim Dounin <mdou...@mdounin.ru> wrote:
> >>>
> >>> # HG changeset patch
> >>> # User Maxim Dounin <mdou...@mdounin.ru>
> >>> # Date 1662050858 -10800
> >>> # Thu Sep 01 19:47:38 2022 +0300
> >>> # Node ID d73286c43b44f3161ca4de1d9d1cbb070c6da4a7
> >>> # Parent 63a4b5ffd440c526bc96c6879dc1b6b489975d98
> >>> Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379).
> >>
> >> BTW, win32 build on Windows XP with OpenSSL 3.0.x is currently broken
> >> for another reason: due to a missing InterlockedOr64 implementation.
> >> See the related fix, expected to appear in upcoming OpenSSL 3.0.6:
> >> ce3951fc30c7bc7c3dbacba19d87c79d9af9da0d
> >
> > Well, that's exactly the reason why I've fixed 64-bit build with
> > MSVC 2010, the 2nd patch in this series. But see ticket's
> > comment:1, the patch committed into OpenSSL is incomplete and only
> > fixes MSVC 2008 and older, but won't fix Windows XP builds in newer
> > compilers.
>
> So, the checks for _MSC_VER in the committed fix
> seem to be not enough if older WIN32_WINNT requested.

Yes, exactly. Either way, this should be irrelevant to nginx
builds with "no-threads".

[...]

> >>> -#ifdef BIO_get_ktls_send > >>> +#if (defined BIO_get_ktls_send && !NGX_WIN32) > >>> > >>> int sslerr, flags; > >>> ssize_t n; > >>>
> >>
> >> This could be simplified if replaced #ifdef with #if.
> >> BIO_get_ktls_send is documented to be a macro (and so tested here).
> >> When OpenSSL isn't configured with KTLS, the macro is expanded to 0.
> >> Replacement allows optimizing ngx_ssl_sendfile() at compile time, as well.
> >
> > While BIO_get_ktls_send is documented to be a macro, it's not
> > required to expand to "(0)" if KTLS is not supported.
>
> Well, this is sort of documented in SSL_write.pod:
> SSL_sendfile() is available only when
> Kernel TLS is enabled, which can be checked by calling BIO_get_ktls_send().
>
> Then in BIO_ctrl.pod:
> BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for
> sending. Otherwise, it returns zero.

It is still not required to expand to "(0)", and can instead expand
to a function which returns 0, making it completely
indistinguishable from the case when KTLS can be supported.
Either way, this is irrelevant, given that #if also breaks
positive tests.

> > Further, it's not going to actually work for positive tests, since
> > non-numeric macro values will evaluate to 0, effectively disabling
> > SSL_sendfile() for all builds.
>
> Missed that point, thnx.

[...]

> > # HG changeset patch
> > # User Maxim Dounin <mdou...@mdounin.ru>
> > # Date 1662434808 -10800
> > # Tue Sep 06 06:26:48 2022 +0300
> > # Node ID 5e493208769dd754253f567405c05b3cf5f05c8a
> > # Parent 2642d97294f0e09c1fd67e434aae759768805617
> > Win32: disabled threads support in OpenSSL builds.
> >
> > Threads are disabled during UNIX builds (see b329c0ab1a48), and also not
> > needed for Windows builds.
> >
> > This used to be the default before OpenSSL 1.1.0.
> >
> > diff -r 2642d97294f0 -r 5e493208769d auto/lib/openssl/makefile.msvc > > --- a/auto/lib/openssl/makefile.msvc Tue Sep 06 05:48:19 2022 +0300 > > +++ b/auto/lib/openssl/makefile.msvc Tue Sep 06 06:26:48 2022 +0300
> > @@ -6,7 +6,7 @@ > > all: > > cd $(OPENSSL) > > > > - perl Configure VC-WIN32 no-shared \ > > + perl Configure VC-WIN32 no-shared no-threads \ > > --prefix="%cd%/openssl" \ > > --openssldir="%cd%/openssl/ssl" \ > > $(OPENSSL_OPT) > > > >
>
> Looks good.
> Does it make sense to apply this to makefile.bcc for consistency?

I've considered it, but decided not to touch makefile.bcc, given
that OpenSSL 1.1.0 removed "the aged BC-32 config and all its
supporting scripts" (quote from CHANGES), so "no-threads" for BCC
is the default for all existing OpenSSL versions which do support
building with BCC.

Pushed to http://mdounin.ru/hg/nginx, thanks.

--
Maxim Dounin
http://mdounin.ru/
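
Review bot: the rewritten guard `#if (defined BIO_get_ktls_send && !NGX_WIN32)` has no comment explaining why Windows is excluded even when the macro is defined, so a later cleanup could fold it back into the plain `#ifdef`. A one-line comment above it referring to the OpenSSL 3.0.x Windows build problem named in the commit message (ticket #2379) would be enough. The visible context does not include the matching `#else`/`#endif`, so it is worth confirming that the fallback branch is what Windows builds should get.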
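
Review bot: on the `perl Configure VC-WIN32 no-shared no-threads \` line, `no-threads` is hard-coded ahead of `$(OPENSSL_OPT)` and nothing in the makefile records why. A short comment beside the Configure call saying that threads are disabled to match the UNIX builds, as the commit message does, would help, and the commit message could state whether passing a threads option through `$(OPENSSL_OPT)` is expected to remain possible.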
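
The `#if` versus `#ifdef` point discussed in this thread, as an added C example that is not code from the thread, nginx or OpenSSL. The `DEMO_*` macros and `demo_ctrl()` are hypothetical stand-ins for the two ways a library might define such a check.

```c
#include <stdio.h>

/* Constructed stand-in for a BIO_ctrl()-style call; not OpenSSL code. */
static long demo_ctrl(void *bio, int cmd) { (void) bio; return cmd == 73; }

/* Hypothetical macros: two ways a library could define the same check. */
#define DEMO_KTLS_CALL(b)  demo_ctrl((b), 73)  /* KTLS built in: a real call */
#define DEMO_KTLS_ZERO(b)  (0)                 /* KTLS compiled out */
#define DEMO_WIN32         1                   /* plays the role of NGX_WIN32 */

/* #ifdef is true for both definitions, so it cannot tell them apart. */
int ifdef_sees_call(void) {
    int on = 0;
#ifdef DEMO_KTLS_CALL
    on = 1;
#endif
    return on;
}
int ifdef_sees_zero(void) {
    int on = 0;
#ifdef DEMO_KTLS_ZERO
    on = 1;
#endif
    return on;
}

/* #if: the bare macro name is not expanded and counts as 0, even for CALL. */
int if_sees_call(void) {
    int on = 0;
#if DEMO_KTLS_CALL
    on = 1;
#endif
    return on;
}

/* Shape of the patched guard: defined-ness plus a platform exclusion. */
int guard_with_win32(void) {
    int on = 0;
#if (defined DEMO_KTLS_CALL && !DEMO_WIN32)
    on = 1;
#endif
    return on;
}

/* The two definitions differ only in the value seen at run time. */
long runtime_call(void) { return DEMO_KTLS_CALL(NULL); }
long runtime_zero(void) { return DEMO_KTLS_ZERO(NULL); }

int main(void) {
    printf("ifdef: %d %d  if: %d  guard: %d\n", ifdef_sees_call(),
           ifdef_sees_zero(), if_sees_call(), guard_with_win32());
    return 0;
}
```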