Re: error at build time In function 'SSL_CTX_get0_privatekey' error: dereferencing pointer to incomplete type

2017-08-10 Thread Aleksandar Lazic
Hi Emmanuel.

Aleksandar Lazic wrote on 09.08.2017:

> Hi Emmanuel


> Emmanuel Hocdet wrote on 09.08.2017:
>>
>> Hi Aleksandar,
>>
>>> On 9 August 2017 at 13:39, Aleksandar Lazic wrote:

[snipp]

>> Can you test with this patch?

> Wow, that was fast, thanks ;-)

> https://github.com/git001/haproxy-waf/blob/master/Dockerfile#L57

> Build passed
> https://travis-ci.org/git001/haproxy-waf

Please can you create a patch with comments so that it can be merged.

Thank you very much.

-- 
Best Regards
Aleks




Re: error at build time In function 'SSL_CTX_get0_privatekey' error: dereferencing pointer to incomplete type

2017-08-09 Thread Aleksandar Lazic
Hi Emmanuel


Emmanuel Hocdet wrote on 09.08.2017:
>
> Hi Aleksandar,
>
>> On 9 August 2017 at 13:39, Aleksandar Lazic wrote:
>> 
>> Hi,
>> 
>> Today I have tried to recreate the WAF.
>> 
>> I received this error at build time.
>> 
>> ###
>> + cd /usr/src
>> + git clone http://git.haproxy.org/git/haproxy.git/
>> Cloning into 'haproxy'...
>> + make -C /usr/src/haproxy TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 
>> USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 USE_PCRE_JIT=1 USE_LUA=1 all 
>> install-bin
>> make: Entering directory `/usr/src/haproxy'
>> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
>> -Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE 
>> -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  
>> -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS 
>> -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  
>> -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
>> -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
>> -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_poll.o src/ev_poll.c
>> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
>> -Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE 
>> -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  
>> -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS 
>> -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  
>> -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
>> -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
>> -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_epoll.o src/ev_epoll.c
>> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
>> -Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE 
>> -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  
>> -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS 
>> -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  
>> -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
>> -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
>> -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ssl_sock.o src/ssl_sock.c
>> In file included from src/ssl_sock.c:94:0:
>> include/proto/openssl-compat.h: In function 'SSL_CTX_get0_privatekey':
>> include/proto/openssl-compat.h:99:19: error: dereferencing pointer to 
>> incomplete type
>>   return ctx->cert->key->privatekey;
>>   ^
>> include/proto/openssl-compat.h:102:1: warning: control reaches end of 
>> non-void function [-Wreturn-type]
>> }
>> ^
>> make: *** [src/ssl_sock.o] Error 1
>> make: Leaving directory `/usr/src/haproxy'
>> ###
>> 
>> Openssl is
>> ---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be installed
>> ---> Package openssl-devel.x86_64 1:1.0.1e-60.el7_3.1 will be installed
>> 
>> I thought this case is covered with this commit.
>> 
>> http://git.haproxy.org/?p=haproxy.git;a=commit;h=48a8332a4a82f151877bd6baf567031088845f2d
>> 
>> ##
>> BUG/MEDIUM: ssl: Fix regression about certificates generation
>> 
>> Since the commit f6b37c67 ["BUG/MEDIUM: ssl: in bind line, ssl-options after
>> 'crt' are ignored."], certificate generation is broken.
>> 
>> To generate a certificate, we retrieved the private key of the default
>> certificate using the SSL object. But since the commit f6b37c67, the SSL object
>> is created with a dummy certificate (initial_ctx).
>> 
>> So to fix the bug, we directly use the default certificate in the bind_conf
>> structure. We use the SSL_CTX_get0_privatekey function to do so. Because this
>> function does not exist for OpenSSL < 1.0.2 and for LibreSSL, it has been added
>> in openssl-compat.h with the right #ifdef.
>> ##
>> 
>> [root@centos-512mb-fra1-01 haproxy-waf]# egrep OPENSSL_VERSION_NUMBER  
>> /usr/include/openssl/*
>> /usr/include/openssl/crypto.h:#define SSLEAY_VERSION_NUMBER 
>> OPENSSL_VERSION_NUMBER
>> /usr/include/openssl/opensslv.h:#define OPENSSL_VERSION_NUMBER  0x1000105fL
>> 
>> How can I help to fix this issue?
>> 

> Can you test with this patch?

Wow, that was fast, thanks ;-)

https://github.com/git001/haproxy-waf/blob/master/Dockerfile#L57

Build passed
https://travis-ci.org/git001/haproxy-waf


-- 
Best Regards
Aleks




Re: error at build time In function 'SSL_CTX_get0_privatekey' error: dereferencing pointer to incomplete type

2017-08-09 Thread Emmanuel Hocdet

Hi Aleksandar,

> On 9 August 2017 at 13:39, Aleksandar Lazic wrote:
> 
> Hi,
> 
> Today I have tried to recreate the WAF.
> 
> I received this error at build time.
> 
> ###
> + cd /usr/src
> + git clone http://git.haproxy.org/git/haproxy.git/
> Cloning into 'haproxy'...
> + make -C /usr/src/haproxy TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 
> USE_ZLIB=1 USE_LINUX_SPLICE=1 USE_TFO=1 USE_PCRE_JIT=1 USE_LUA=1 all 
> install-bin
> make: Entering directory `/usr/src/haproxy'
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE 
> -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  
> -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS 
> -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  
> -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
> -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
> -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_poll.o src/ev_poll.c
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE 
> -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  
> -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS 
> -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  
> -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
> -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
> -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_epoll.o src/ev_epoll.c
> gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
> -Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE 
> -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  
> -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS 
> -DUSE_ACCEPT4 -DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  
> -DUSE_PCRE -I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
> -DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
> -DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ssl_sock.o src/ssl_sock.c
> In file included from src/ssl_sock.c:94:0:
> include/proto/openssl-compat.h: In function 'SSL_CTX_get0_privatekey':
> include/proto/openssl-compat.h:99:19: error: dereferencing pointer to 
> incomplete type
>   return ctx->cert->key->privatekey;
>   ^
> include/proto/openssl-compat.h:102:1: warning: control reaches end of 
> non-void function [-Wreturn-type]
> }
> ^
> make: *** [src/ssl_sock.o] Error 1
> make: Leaving directory `/usr/src/haproxy'
> ###
> 
> Openssl is
> ---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be installed
> ---> Package openssl-devel.x86_64 1:1.0.1e-60.el7_3.1 will be installed
> 
> I thought this case is covered with this commit.
> 
> http://git.haproxy.org/?p=haproxy.git;a=commit;h=48a8332a4a82f151877bd6baf567031088845f2d
> 
> ##
> BUG/MEDIUM: ssl: Fix regression about certificates generation
> 
> Since the commit f6b37c67 ["BUG/MEDIUM: ssl: in bind line, ssl-options after
> 'crt' are ignored."], certificate generation is broken.
> 
> To generate a certificate, we retrieved the private key of the default
> certificate using the SSL object. But since the commit f6b37c67, the SSL object
> is created with a dummy certificate (initial_ctx).
> 
> So to fix the bug, we directly use the default certificate in the bind_conf
> structure. We use the SSL_CTX_get0_privatekey function to do so. Because this
> function does not exist for OpenSSL < 1.0.2 and for LibreSSL, it has been added
> in openssl-compat.h with the right #ifdef.
> ##
> 
> [root@centos-512mb-fra1-01 haproxy-waf]# egrep OPENSSL_VERSION_NUMBER  
> /usr/include/openssl/*
> /usr/include/openssl/crypto.h:#define SSLEAY_VERSION_NUMBER 
> OPENSSL_VERSION_NUMBER
> /usr/include/openssl/opensslv.h:#define OPENSSL_VERSION_NUMBER  0x1000105fL
> 
> How can I help to fix this issue?
> 

Can you test with this patch?



fix_get0privatekey_compat.diff
Description: Binary data


Manu



error at build time In function 'SSL_CTX_get0_privatekey' error: dereferencing pointer to incomplete type

2017-08-09 Thread Aleksandar Lazic
Hi,

Today I have tried to recreate the WAF.

I received this error at build time.

###
+ cd /usr/src
+ git clone http://git.haproxy.org/git/haproxy.git/
Cloning into 'haproxy'...
+ make -C /usr/src/haproxy TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 
USE_LINUX_SPLICE=1 USE_TFO=1 USE_PCRE_JIT=1 USE_LUA=1 all install-bin
make: Entering directory `/usr/src/haproxy'
gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
-Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
-DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
-DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
-DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  -DUSE_PCRE 
-I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
-DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
-DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_poll.o src/ev_poll.c
gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
-Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
-DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
-DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
-DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  -DUSE_PCRE 
-I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
-DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
-DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ev_epoll.o src/ev_epoll.c
gcc -Iinclude -Iebtree -Wall  -O2 -g -fno-strict-aliasing 
-Wdeclaration-after-statement -fwrapv   -DCONFIG_HAP_LINUX_SPLICE -DTPROXY 
-DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB  -DENABLE_POLL 
-DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 
-DNETFILTER -DUSE_OPENSSL  -DUSE_SYSCALL_FUTEX -DUSE_LUA  -DUSE_PCRE 
-I/usr/include -DUSE_PCRE_JIT -DUSE_TFO  
-DCONFIG_HAPROXY_VERSION=\"1.8-dev2-316947-114\" 
-DCONFIG_HAPROXY_DATE=\"2017/08/03\" -c -o src/ssl_sock.o src/ssl_sock.c
In file included from src/ssl_sock.c:94:0:
include/proto/openssl-compat.h: In function 'SSL_CTX_get0_privatekey':
include/proto/openssl-compat.h:99:19: error: dereferencing pointer to 
incomplete type
   return ctx->cert->key->privatekey;
   ^
include/proto/openssl-compat.h:102:1: warning: control reaches end of non-void 
function [-Wreturn-type]
 }
 ^
make: *** [src/ssl_sock.o] Error 1
make: Leaving directory `/usr/src/haproxy'
###

Openssl is
---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be installed
---> Package openssl-devel.x86_64 1:1.0.1e-60.el7_3.1 will be installed

I thought this case is covered with this commit.

http://git.haproxy.org/?p=haproxy.git;a=commit;h=48a8332a4a82f151877bd6baf567031088845f2d

##
BUG/MEDIUM: ssl: Fix regression about certificates generation

Since the commit f6b37c67 ["BUG/MEDIUM: ssl: in bind line, ssl-options after
'crt' are ignored."], certificate generation is broken.

To generate a certificate, we retrieved the private key of the default
certificate using the SSL object. But since the commit f6b37c67, the SSL object
is created with a dummy certificate (initial_ctx).

So to fix the bug, we directly use the default certificate in the bind_conf
structure. We use the SSL_CTX_get0_privatekey function to do so. Because this
function does not exist for OpenSSL < 1.0.2 and for LibreSSL, it has been added
in openssl-compat.h with the right #ifdef.
##

[root@centos-512mb-fra1-01 haproxy-waf]# egrep OPENSSL_VERSION_NUMBER  
/usr/include/openssl/*
/usr/include/openssl/crypto.h:#define SSLEAY_VERSION_NUMBER 
OPENSSL_VERSION_NUMBER
/usr/include/openssl/opensslv.h:#define OPENSSL_VERSION_NUMBER  0x1000105fL

How can I help to fix this issue?

-- 
Best Regards
Aleks
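
An added example (not HAProxy's code, not OpenSSL's, and not the patch attached in the thread): it decodes the OPENSSL_VERSION_NUMBER value that the grep above pulls out of opensslv.h (0x1000105fL) and mirrors the kind of version guard the quoted commit message describes for the SSL_CTX_get0_privatekey() shim. The 1.0.2 threshold constant and all function names are my assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed threshold: first release build of OpenSSL 1.0.2 (status nibble f). */
#define ASSUMED_OPENSSL_1_0_2 0x1000200fUL

/* Decode the MNNFFPPS layout of OPENSSL_VERSION_NUMBER into the usual 1.x
 * spelling ("1.0.1e"): patch 1..26 becomes a letter, status 0 is "-dev",
 * 1..14 is "-betaN", 15 is a release. Returns 0, or -1 if out is too small. */
int openssl_version_string(unsigned long v, char *out, size_t outlen)
{
    unsigned major  = (unsigned)(v >> 28) & 0xfu;
    unsigned minor  = (unsigned)(v >> 20) & 0xffu;
    unsigned fix    = (unsigned)(v >> 12) & 0xffu;
    unsigned patch  = (unsigned)(v >> 4)  & 0xffu;
    unsigned status = (unsigned)v & 0xfu;
    char letter[2] = { 0, 0 }, suffix[12] = "";
    int n;

    if (patch >= 1 && patch <= 26)
        letter[0] = (char)('a' + (patch - 1));
    if (status == 0)
        strcpy(suffix, "-dev");
    else if (status < 15)
        snprintf(suffix, sizeof suffix, "-beta%u", status);
    n = snprintf(out, outlen, "%u.%u.%u%s%s", major, minor, fix, letter, suffix);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Check helper: does v render as the expected string? */
int openssl_version_is(unsigned long v, const char *expected)
{
    char buf[32];
    return openssl_version_string(v, buf, sizeof buf) == 0 && strcmp(buf, expected) == 0;
}

/* Mirror of the #ifdef the commit message describes: the shim is compiled in
 * on OpenSSL older than 1.0.2 and on LibreSSL, which reports
 * OPENSSL_VERSION_NUMBER 0x20000000L but lacks SSL_CTX_get0_privatekey().
 * The shim body must stay on the public API: the error in the thread comes from
 * ctx->cert, a struct the 1.0.1 public headers only declare, so ctx->cert->key
 * is a dereference of an incomplete type. */
int needs_get0_privatekey_shim(unsigned long v, int is_libressl)
{
    return is_libressl || v < ASSUMED_OPENSSL_1_0_2;
}
```

Feeding the thread's 0x1000105fL into openssl_version_string() yields 1.0.1e, and the same value makes needs_get0_privatekey_shim() true, which is why the compat shim (and its broken struct dereference) was compiled on that CentOS 7 box.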