Re: HAProxy fails to compile against BoringSSL since 1.8-rc1

2017-11-13 Thread Jamie Hewland 
Ah, this stuff moves too quickly! I got it to build with the BoringSSL
version in Chrome Beta (63).

Thank you for your time!

Jamie

On Mon, 13 Nov 2017 at 11:15 Emmanuel Hocdet  wrote:

>
> Hi Jamie,
>
> you need to take a up to date BoringSSL commit (
> https://github.com/JayH5/docker-haproxy-boringssl/blob/master/1.8-dev/Dockerfile#L10
> )
>
> ++
> Manu
>
> Le 11 nov. 2017 à 16:32, Jamie Hewland  a écrit :
>
> Hi there,
>
> I maintain a Docker-based build of HAProxy built against BoringSSL,
> tracking the BoringSSL version in Google Chrome:
> https://github.com/JayH5/docker-haproxy-boringssl
>
> I'm not really using this for anything... it's mostly just for fun and to
> try out TLS 1.3.
>
> This used to build okay on the 1.8 branch with the 1.8-dev releases, but
> since 1.8-rc1, the build has broken with errors as follows:
>
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -Wno-null-dereference 
> -Wno-unused-label   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
> -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
> -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
> -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include 
> -DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include 
> -I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8  
> -I/usr/include -DUSE_PCRE2_JIT  -DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\" 
> -DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
> src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
> src/ssl_sock.c:1956:20: warning: implicit declaration of function 
> 'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
>   c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
> ^~~
> src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
> src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
> ^~~
> src/ssl_sock.c:2271:64: note: each undeclared identifier is reported only 
> once for each function it appears in
> src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
> ^~~
> make: *** [Makefile:896: src/ssl_sock.o] Error 1
> make: *** Waiting for unfinished jobs
>
>
> I haven't really had the time/energy to properly dig through things but I
> think there are some problems with the ifdefs in ssl_sock.c. I thought it
> might be worth reporting before the final 1.8 version is released.
>
> An example of the full logs of a Travis build are here:
> https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108
>
> Thank you for a very useful piece of software!
>
>
> Jamie
>
>
>

Re: HAProxy fails to compile against BoringSSL since 1.8-rc1

2017-11-13 Thread Emmanuel Hocdet 

Hi Jamie,

you need to take a up to date BoringSSL commit 
(https://github.com/JayH5/docker-haproxy-boringssl/blob/master/1.8-dev/Dockerfile#L10)

++
Manu

> Le 11 nov. 2017 à 16:32, Jamie Hewland  a écrit :
> 
> Hi there,
> 
> I maintain a Docker-based build of HAProxy built against BoringSSL, tracking 
> the BoringSSL version in Google Chrome: 
> https://github.com/JayH5/docker-haproxy-boringssl 
> 
> 
> I'm not really using this for anything... it's mostly just for fun and to try 
> out TLS 1.3.
> 
> This used to build okay on the 1.8 branch with the 1.8-dev releases, but 
> since 1.8-rc1, the build has broken with errors as follows:
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -Wno-null-dereference 
> -Wno-unused-label   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
> -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
> -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
> -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include 
> -DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include 
> -I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8  
> -I/usr/include -DUSE_PCRE2_JIT  -DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\" 
> -DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
> src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
> src/ssl_sock.c:1956:20: warning: implicit declaration of function 
> 'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
>   c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
> ^~~
> src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
> src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
> ^~~
> src/ssl_sock.c:2271:64: note: each undeclared identifier is reported only 
> once for each function it appears in
> src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this 
> function)
>  methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
> ^~~
> make: *** [Makefile:896: src/ssl_sock.o] Error 1
> make: *** Waiting for unfinished jobs
> 
> I haven't really had the time/energy to properly dig through things but I 
> think there are some problems with the ifdefs in ssl_sock.c. I thought it 
> might be worth reporting before the final 1.8 version is released.
> 
> An example of the full logs of a Travis build are here: 
> https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108 
> 
> 
> Thank you for a very useful piece of software!
> 
> 
> Jamie

HAProxy fails to compile against BoringSSL since 1.8-rc1

2017-11-11 Thread Jamie Hewland 
Hi there,

I maintain a Docker-based build of HAProxy built against BoringSSL,
tracking the BoringSSL version in Google Chrome:
https://github.com/JayH5/docker-haproxy-boringssl

I'm not really using this for anything... it's mostly just for fun and to
try out TLS 1.3.

This used to build okay on the 1.8 branch with the 1.8-dev releases, but
since 1.8-rc1, the build has broken with errors as follows:

gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv   -Wno-null-dereference
-Wno-unused-label   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY
-DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL
-DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4
-DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include
-DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include
-I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8
-I/usr/include -DUSE_PCRE2_JIT
-DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\"
-DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
src/ssl_sock.c:1956:20: warning: implicit declaration of function
'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
  c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
^~~
src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this function)
 methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
^~~
src/ssl_sock.c:2271:64: note: each undeclared identifier is reported
only once for each function it appears in
src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this function)
 methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
^~~
make: *** [Makefile:896: src/ssl_sock.o] Error 1
make: *** Waiting for unfinished jobs


I haven't really had the time/energy to properly dig through things but I
think there are some problems with the ifdefs in ssl_sock.c. I thought it
might be worth reporting before the final 1.8 version is released.

An example of the full logs of a Travis build are here:
https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108

Thank you for a very useful piece of software!


Jamie