[PATCH] Upstream: fix warning when building with BoringSSL
Maxim Dounin
mdounin at mdounin.ru
Mon Oct 3 17:38:22 UTC 2016
Hello!
On Fri, Sep 30, 2016 at 05:50:27AM -0700, Piotr Sikora wrote:
> Hey Alessandro,
>
> > # HG changeset patch
> > # User Alessandro Ghedini <alessandro at cloudflare.com>
> > # Date 1475070884 -3600
> > # Wed Sep 28 14:54:44 2016 +0100
> > # Node ID fe7d9e3987d40f16d86fd01d94ad16ff58467af2
> > # Parent 29bf0dbc0a77914bc94bd001a2b17d364e8e50d9
> > Upstream: fix warning when building with BoringSSL
> >
> > BoringSSL takes a const u_char * for SSL_set_tlsext_host_name but
> > OpenSSL only takes a u_char *. Since NGINX is built with -Werror by
> > default this breaks the build.
>
> You need to apply the same fix to ngx_stream_proxy_module.c.
>
> btw: I've sent exactly the same patch in the past, so good luck:
> http://mailman.nginx.org/pipermail/nginx-devel/2015-November/007499.html

I have no strong objections, but the patch as you've submitted
casts to "const char *", while just "char *" should be enough.

And BoringSSL still fails to build on FreeBSD out of the box (not
to mention it now requires Go for building), which makes it
non-trivial to test BoringSSL-related changes.

Unless there are objections, I'm going to commit the patch below
which adds (char *) casts.

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1475515513 -10800
# Mon Oct 03 20:25:13 2016 +0300
# Node ID 9984d19e3990b662045617f60ea0fa500d8d6afb
# Parent 08b6836c9299942d642bd60442c7e58aee6356dc
SSL: compatibility with BoringSSL.

BoringSSL changed SSL_set_tlsext_host_name() to be a real function
with a (const char *) argument, so it now triggers a warning due to
conversion from (u_char *). Added an explicit cast to silence the
warning.

Prodded by Piotr Sikora, Alessandro Ghedini.

diff -r 08b6836c9299 -r 9984d19e3990 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c Mon Jun 27 15:00:06 2016 -0700
+++ b/src/http/ngx_http_upstream.c Mon Oct 03 20:25:13 2016 +0300
@@ -1690,7 +1690,10 @@ ngx_http_upstream_ssl_name(ngx_http_requ
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);
- if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+ if (SSL_set_tlsext_host_name(c->ssl->connection,
+ (char *) name.data)
+ == 0)
+ {
ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
"SSL_set_tlsext_host_name(\"%s\") failed", name.data);
return NGX_ERROR;
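
Review bot: the new (char *) cast on name.data in the SSL_set_tlsext_host_name() call has no comment, so nothing at the call site says it exists for BoringSSL's (const char *) prototype, and it could later be dropped as redundant. A one-line comment above the call stating that reason would keep it visible without having to look up the commit message.
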
diff -r 08b6836c9299 -r 9984d19e3990 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c Mon Jun 27 15:00:06 2016 -0700
+++ b/src/stream/ngx_stream_proxy_module.c Mon Oct 03 20:25:13 2016 +0300
@@ -948,7 +948,8 @@ ngx_stream_proxy_ssl_name(ngx_stream_ses
ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
"upstream SSL server name: \"%s\"", name.data);
- if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data)
+ if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection,
+ (char *) name.data)
== 0)
{
ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0,
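
Review bot: the (char *) name.data cast is now repeated here and in ngx_http_upstream_ssl_name(), so any further call to SSL_set_tlsext_host_name() with a u_char * argument has to remember it too or the build breaks again on the same warning. Consider moving the call into one shared helper that takes the name, so the conversion lives in a single place for both the http and stream modules.
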
--
Maxim Dounin
http://nginx.org/