Hello!

On Mon, Aug 24, 2015 at 10:40:05PM -0400, vindicator wrote:

> Thanks, but no. I'm still getting that error:
> *****
> cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g 
> -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
>         -o objs/src/event/ngx_event_openssl.o \
>         src/event/ngx_event_openssl.c
> src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
> src/event/ngx_event_openssl.c:1165:31: error: dereferencing pointer to
> incomplete type
>          if (c->ssl->connection->s3) {
>                                ^
> src/event/ngx_event_openssl.c:1166:31: error: dereferencing pointer to
> incomplete type
>              c->ssl->connection->s3->flags |=
> SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
>                                ^
> src/event/ngx_event_openssl.c: In function
> ‘ngx_ssl_session_ticket_key_callback’:
> src/event/ngx_event_openssl.c:2866:9: error: implicit declaration of
> function ‘RAND_pseudo_bytes’ [-Werror=implicit-function-declaration]
>          RAND_pseudo_bytes(iv, 16);
>          ^
> cc1: all warnings being treated as errors
> *****

[...]

Oh, it looks like you are trying to build nginx against OpenSSL 
master branch.  As OpenSSL guys are changing things rapidly 
nowadays, it's not really going to work.  Try any released version 
instead.

Quick and dirty fix below, but I wouldn't bet it will be enough to 
build with OpenSSL master even in a week from now.

--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1159,6 +1159,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
         c->send_chain = ngx_ssl_send_chain;
 
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#if 0
 
         /* initial handshake done, disable renegotiation (CVE-2009-3555) */
         if (c->ssl->connection->s3) {
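Review bot: The `#if 0` directly under `#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS` compiles out the CVE-2009-3555 renegotiation guard unconditionally, on every build where the flag is defined, not only where `c->ssl->connection->s3` fails to compile. If this goes beyond a local test build, replace the constant `0` with a condition that is false only when the struct is opaque (a version or feature check), and add a comment saying why the block is disabled.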
@@ -1166,6 +1167,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
         }
 
 #endif
+#endif
 
         return NGX_OK;
     }
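Review bot: The two consecutive bare `#endif` lines are easy to misread: the existing one now closes the new `#if 0`, and the added one closes `#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS`. Label them, for example `#endif /* 0 */` and `#endif /* SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS */`, so that removing the temporary guard later takes out the right pair.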
@@ -2861,7 +2863,7 @@ ngx_ssl_session_ticket_key_callback(ngx_
                        ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
                        SSL_session_reused(ssl_conn) ? "reused" : "new");
 
-        RAND_pseudo_bytes(iv, 16);
+        RAND_bytes(iv, 16);
         EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv);
         HMAC_Init_ex(hctx, key[0].hmac_key, 16,
                      ngx_ssl_session_ticket_md(), NULL);
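Review bot: The return value of `RAND_bytes(iv, 16)` is discarded, and `iv` goes straight into `EVP_EncryptInit_ex()` on the next line. `RAND_bytes()` returns 1 only on success, so test for that and fail the callback otherwise, rather than encrypting the session ticket with whatever `iv` happened to contain.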


-- 
Maxim Dounin
http://nginx.org/
