Issues building Nginx using boringssl

杨金泽 rttwyjz at gmail.com
Tue Feb 20 05:22:55 UTC 2024


Hello,
I encountered the following error when using boringssl to build Nginx:
checking for OpenSSL library ... not found
checking for OpenSSL library in /usr/local/ ... not found
checking for OpenSSL library in /usr/pkg/ ... not found
checking for OpenSSL library in /opt/local/ ... not found
./auto/configure: error: SSL modules require the OpenSSL library.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

At first I thought it was caused by openssl not existing, but when I ran
openssl version -a, everything was normal:
root at iZ2hmeokcpbj42Z ~/nginx # openssl version -a
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)
built on: Mon Oct 23 17:52:22 2023 UTC
platform: debian-amd64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall
-fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2
-Wa,--noexecstack -g -O2 -ffile-prefix-map=
/build/reproducible-path/openssl-3.0.11=. -fstack-protector-strong -Wformat
-Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC
-DOPENSSL_BUILDING_OPENSSL -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-3"
MODULESDIR: "/usr/lib/x86_64-linux-gnu/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xfffa32035f8bffff:0xd01e4fbb

Later my friend and I discovered that the latest boringssl compatible
OpenSSL version seems to have been upgraded to 3.2.x, but I am not sure if
this is the problem. The final solution was to switch to
https://github.com/google/boringssl
/commit/c39e6cd9ec5acebb6de2adffc03cfe03b07f08ab this commit.But I don't
think switching to a previous commit to build is a perfect solution, so I'd
like to ask for some help.

My build steps are as follows:
apt update
apt install build-essential ca-certificates zlib1g-dev libpcre3
libpcre3-dev tar unzip libssl-dev wget curl git cmake ninja-build mercurial
libunwind-dev pkg-config

git clone https://github.com/google/boringssl.git
cd boringssl
mkdir build
cd build
cmake -GNinja ..
ninja
cd ../..

git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF
-DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto
-funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections"
-DCMAKE_CXX_FLAGS ="-Ofast -m64 -march=native -mtune=native -flto
-funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections"
-DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../..

hg clone https://hg.nginx.org/nginx
cd nginx
./auto/configure --user=www --group=www --prefix=/www/server/nginx
--with-pcre --add-module=/root/ngx_brotli --with-http_v2_module
--with-stream --with-stream_ssl_module --with-http_ssl_module
--with-http_gzip_static_module --with-http_gunzip_module
--with-http_sub_module --with-http_flv_module --with-http_addition_module
--with-http_realip_module --with-http_mp4_module --with-ld -opt=-Wl,-E
--with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module
--with-http_v3_module --with-cc-opt=-I ../boringssl/include
--with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
make
make install

System information:
checking for OS
+ Linux 6.1.0-18-amd64 x86_64
checking for C compiler ... found
+ using GNU C compiler
+ gcc version: 12.2.0 (Debian 12.2.0-14)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240220/69fffd00/attachment-0001.htm>


More information about the nginx mailing list