Welcome! Log In Create A New Profile

Advanced

HAProxy fails to compile against BoringSSL since 1.8-rc1

Posted by Jamie Hewland 
Jamie Hewland
HAProxy fails to compile against BoringSSL since 1.8-rc1
November 11, 2017 04:40PM
Hi there,

I maintain a Docker-based build of HAProxy built against BoringSSL,
tracking the BoringSSL version in Google Chrome:
https://github.com/JayH5/docker-haproxy-boringssl

I'm not really using this for anything... it's mostly just for fun and to
try out TLS 1.3.

This used to build okay on the 1.8 branch with the 1.8-dev releases, but
since 1.8-rc1, the build has broken with errors as follows:

gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv -Wno-null-dereference
-Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY
-DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL
-DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4
-DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include
-DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include
-I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8
-I/usr/include -DUSE_PCRE2_JIT
-DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\"
-DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
src/ssl_sock.c:1956:20: warning: implicit declaration of function
'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
^~~~~~~~~~~~~~~~~~~~~~~
src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this function)
methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
^~~~~~~
src/ssl_sock.c:2271:64: note: each undeclared identifier is reported
only once for each function it appears in
src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this function)
methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
^~~~~~~
make: *** [Makefile:896: src/ssl_sock.o] Error 1
make: *** Waiting for unfinished jobs....


I haven't really had the time/energy to properly dig through things but I
think there are some problems with the ifdefs in ssl_sock.c. I thought it
might be worth reporting before the final 1.8 version is released.

An example of the full logs of a Travis build are here:
https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108

Thank you for a very useful piece of software!


Jamie
Emmanuel Hocdet
Re: HAProxy fails to compile against BoringSSL since 1.8-rc1
November 13, 2017 10:20AM
Hi Jamie,

you need to take a up to date BoringSSL commit (https://github.com/JayH5/docker-haproxy-boringssl/blob/master/1.8-dev/Dockerfile#L10)

++
Manu

> Le 11 nov. 2017 à 16:32, Jamie Hewland <jhewland@gmail.com> a écrit :
>
> Hi there,
>
> I maintain a Docker-based build of HAProxy built against BoringSSL, tracking the BoringSSL version in Google Chrome: https://github.com/JayH5/docker-haproxy-boringssl https://github.com/JayH5/docker-haproxy-boringssl
>
> I'm not really using this for anything... it's mostly just for fun and to try out TLS 1.3.
>
> This used to build okay on the 1.8 branch with the 1.8-dev releases, but since 1.8-rc1, the build has broken with errors as follows:
> gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-null-dereference -Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include -DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include -I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/usr/include -DUSE_PCRE2_JIT -DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\" -DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
> src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
> src/ssl_sock.c:1956:20: warning: implicit declaration of function 'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
> c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
> ^~~~~~~~~~~~~~~~~~~~~~~
> src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
> src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this function)
> methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
> ^~~~~~~
> src/ssl_sock.c:2271:64: note: each undeclared identifier is reported only once for each function it appears in
> src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this function)
> methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
> ^~~~~~~
> make: *** [Makefile:896: src/ssl_sock.o] Error 1
> make: *** Waiting for unfinished jobs....
>
> I haven't really had the time/energy to properly dig through things but I think there are some problems with the ifdefs in ssl_sock.c. I thought it might be worth reporting before the final 1.8 version is released.
>
> An example of the full logs of a Travis build are here: https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108 https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108
>
> Thank you for a very useful piece of software!
>
>
> Jamie
Jamie Hewland
Re: HAProxy fails to compile against BoringSSL since 1.8-rc1
November 13, 2017 06:20PM
Ah, this stuff moves too quickly! I got it to build with the BoringSSL
version in Chrome Beta (63).

Thank you for your time!

Jamie

On Mon, 13 Nov 2017 at 11:15 Emmanuel Hocdet <manu@gandi.net> wrote:

>
> Hi Jamie,
>
> you need to take a up to date BoringSSL commit (
> https://github.com/JayH5/docker-haproxy-boringssl/blob/master/1.8-dev/Dockerfile#L10
> )
>
> ++
> Manu
>
> Le 11 nov. 2017 à 16:32, Jamie Hewland <jhewland@gmail.com> a écrit :
>
> Hi there,
>
> I maintain a Docker-based build of HAProxy built against BoringSSL,
> tracking the BoringSSL version in Google Chrome:
> https://github.com/JayH5/docker-haproxy-boringssl
>
> I'm not really using this for anything... it's mostly just for fun and to
> try out TLS 1.3.
>
> This used to build okay on the 1.8 branch with the 1.8-dev releases, but
> since 1.8-rc1, the build has broken with errors as follows:
>
> gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-null-dereference -Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -I/usr/local/boringssl/include -DUSE_SYSCALL_FUTEX -DUSE_LUA -I/usr/local/lua/include -I/usr/local/lua/include -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/usr/include -DUSE_PCRE2_JIT -DCONFIG_HAPROXY_VERSION=\"1.8-rc3-34650d5\" -DCONFIG_HAPROXY_DATE=\"2017/11/11\" -c -o src/hlua.o src/hlua.c
> src/ssl_sock.c: In function 'ctx_set_TLSv10_func':
> src/ssl_sock.c:1956:20: warning: implicit declaration of function 'SSL_CTX_set_ssl_version' [-Wimplicit-function-declaration]
> c == SET_SERVER ? SSL_CTX_set_ssl_version(ctx, TLSv1_server_method())
> ^~~~~~~~~~~~~~~~~~~~~~~
> src/ssl_sock.c: In function 'ssl_sock_switchctx_cbk':
> src/ssl_sock.c:2271:64: error: 'SET_MIN' undeclared (first use in this function)
> methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
> ^~~~~~~
> src/ssl_sock.c:2271:64: note: each undeclared identifier is reported only once for each function it appears in
> src/ssl_sock.c:2272:64: error: 'SET_MAX' undeclared (first use in this function)
> methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
> ^~~~~~~
> make: *** [Makefile:896: src/ssl_sock.o] Error 1
> make: *** Waiting for unfinished jobs....
>
>
> I haven't really had the time/energy to properly dig through things but I
> think there are some problems with the ifdefs in ssl_sock.c. I thought it
> might be worth reporting before the final 1.8 version is released.
>
> An example of the full logs of a Travis build are here:
> https://travis-ci.org/JayH5/docker-haproxy-boringssl/builds/300625108
>
> Thank you for a very useful piece of software!
>
>
> Jamie
>
>
>
Sorry, only registered users may post in this forum.

Click here to login