[PATCH] Upstream: fix warning when building with BoringSSL

Maxim Dounin mdounin at mdounin.ru
Mon Oct 3 17:38:22 UTC 2016


Hello!

On Fri, Sep 30, 2016 at 05:50:27AM -0700, Piotr Sikora wrote:

> Hey Alessandro,
> 
> > # HG changeset patch
> > # User Alessandro Ghedini <alessandro at cloudflare.com>
> > # Date 1475070884 -3600
> > #      Wed Sep 28 14:54:44 2016 +0100
> > # Node ID fe7d9e3987d40f16d86fd01d94ad16ff58467af2
> > # Parent  29bf0dbc0a77914bc94bd001a2b17d364e8e50d9
> > Upstream: fix warning when building with BoringSSL
> >
> > BoringSSL takes a const u_char * for SSL_set_tlsext_host_name but
> > OpenSSL only takes a u_char *. Since NGINX is built with -Werror by
> > default this breaks the build.
> 
> You need to apply the same fix to ngx_stream_proxy_module.c.
> 
> btw: I've sent exactly the same patch in the past, so good luck:
> http://mailman.nginx.org/pipermail/nginx-devel/2015-November/007499.html

I have no strong objections, but the patch as you've submitted 
casts to "const char *", while just "char *" should be enough.

And BoringSSL still fails to build on FreeBSD out of the box (not 
to mention it now requires Go for building), which makes it 
non-trivial to test BoringSSL-related changes.

Unless there are objections, I'm going to commit the patch below 
which adds (char *) casts.

# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1475515513 -10800
#      Mon Oct 03 20:25:13 2016 +0300
# Node ID 9984d19e3990b662045617f60ea0fa500d8d6afb
# Parent  08b6836c9299942d642bd60442c7e58aee6356dc
SSL: compatibility with BoringSSL.

BoringSSL changed SSL_set_tlsext_host_name() to be a real function
with a (const char *) argument, so it now triggers a warning due to
conversion from (u_char *).  Added an explicit cast to silence the
warning.

Prodded by Piotr Sikora, Alessandro Ghedini.

diff -r 08b6836c9299 -r 9984d19e3990 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c	Mon Jun 27 15:00:06 2016 -0700
+++ b/src/http/ngx_http_upstream.c	Mon Oct 03 20:25:13 2016 +0300
@@ -1690,7 +1690,10 @@ ngx_http_upstream_ssl_name(ngx_http_requ
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "upstream SSL server name: \"%s\"", name.data);
 
-    if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) {
+    if (SSL_set_tlsext_host_name(c->ssl->connection,
+                                 (char *) name.data)
+        == 0)
+    {
         ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0,
                       "SSL_set_tlsext_host_name(\"%s\") failed", name.data);
         return NGX_ERROR;
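Review bot: the `(char *) name.data` cast in the rewritten `if` carries no comment explaining why it is there. The removed line shows the call was written without a cast before, so a later cleanup could drop it as redundant and break -Werror builds against BoringSSL again. A one-line comment above the call, saying that BoringSSL declares SSL_set_tlsext_host_name() as a real function taking (const char *), would keep the reason next to the code rather than only in the commit message.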
diff -r 08b6836c9299 -r 9984d19e3990 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c	Mon Jun 27 15:00:06 2016 -0700
+++ b/src/stream/ngx_stream_proxy_module.c	Mon Oct 03 20:25:13 2016 +0300
@@ -948,7 +948,8 @@ ngx_stream_proxy_ssl_name(ngx_stream_ses
     ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
                    "upstream SSL server name: \"%s\"", name.data);
 
-    if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data)
+    if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection,
+                                 (char *) name.data)
         == 0)
     {
         ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0,
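Review bot: this is the second call site given the identical `(char *) name.data` cast, so the u_char-to-char conversion for SSL_set_tlsext_host_name() now lives in both the http and stream modules. Consider a small shared wrapper alongside ngx_ssl_error() that takes the u_char * name and does the cast once, so that any further prototype difference between SSL libraries is handled in one place and a new caller cannot reintroduce the warning.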

-- 
Maxim Dounin
http://nginx.org/


