[nginx] SSL: silenced GCC warnings when building with BoringSSL.

Alejandro Colomar alx.manpages at gmail.com
Thu Sep 8 12:06:28 UTC 2022


Hi Sergey,

On 9/8/22 13:31, Sergey Kandaurov wrote:
> details:   https://hg.nginx.org/nginx/rev/ba5cf8f73a2d
> branches:
> changeset: 8070:ba5cf8f73a2d
> user:      Sergey Kandaurov <pluknet at nginx.com>
> date:      Thu Sep 08 13:53:49 2022 +0400
> description:
> SSL: silenced GCC warnings when building with BoringSSL.
> 
> BoringSSL uses macro stub for SSL_CTX_set_ecdh_auto that expands to 1,
> which triggers -Wunused-value "statement with no effect" warnings.

I think this workaround is incorrect, and the problem is in the buildsystem.

See gcc(1):

        -I dir
        -iquote dir
        -isystem dir
        -idirafter dir
            ...

            You can use -I to  override  a  system  header  file,
            substituting    your   own   version,   since   these
            directories are searched before the  standard  system
            header file directories.  However, you should not use
            this  option  to add directories that contain vendor‐
            supplied system header files; use -isystem for that.

            The -isystem and -idirafter  options  also  mark  the
            directory  as a system directory, so that it gets the
            same  special  treatment  that  is  applied  to   the
            standard system directories.

            ...


Basically, -isystem works as -I, but disables warnings caused by system 
headers.

With that flag, I don't get any warnings in the following simple 
reproducer (a bit weird is that clang doesn't get a warning even with -I):

$ tree
.
├── include
│   └── one.h
└── main.c

1 directory, 2 files
$
$ cat include/one.h
#define ONE()  1
$
$ cat main.c
#include <one.h>

int
main(void)
{
	ONE();

	return 0;
}
$
$ gcc -Wall -Wextra -isystem./include main.c
$
$ clang -Weverything -isystem./include main.c
$
$ gcc -Wall -Wextra -I./include main.c
In file included from main.c:1:
main.c: In function ‘main’:
./include/one.h:1:16: warning: statement with no effect [-Wunused-value]
     1 | #define ONE()  1
       |                ^
main.c:6:9: note: in expansion of macro ‘ONE’
     6 |         ONE();
       |         ^~~
$
$ clang -Weverything -I./include main.c
$


Of course, this is considering that you normally don't want to get 
warnings from dubious system headers, which normally should be the case 
in user applications, but you may legitimately doubt the correctness of 
some dependencies, and may want to see the warnings...

Cheers,

Alex


> 
> diffstat:
> 
>   src/event/ngx_event_openssl.c |  2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diffs (12 lines):
> 
> diff -r a423e314c22f -r ba5cf8f73a2d src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c	Wed Sep 07 00:47:31 2022 +0300
> +++ b/src/event/ngx_event_openssl.c	Thu Sep 08 13:53:49 2022 +0400
> @@ -1428,7 +1428,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_s
>   
>   #ifdef SSL_CTRL_SET_ECDH_AUTO
>       /* not needed in OpenSSL 1.1.0+ */
> -    SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
> +    (void) SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
>   #endif
>   
>       if (ngx_strcmp(name->data, "auto") == 0) {
> _______________________________________________
> nginx-devel mailing list -- nginx-devel at nginx.org
> To unsubscribe send an email to nginx-devel-leave at nginx.org

-- 
<http://www.alejandro-colomar.es/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20220908/262bc68c/attachment.bin>


More information about the nginx-devel mailing list