Hi,
On 6/22/18 10:57 AM, Lukas Tribus wrote:
> SSL_INC and SSL_LIB expect actual paths, not additional commands.
> Replaces both with ADDLIB. Also you don't need to specify -lssl
> -lcrypt, USE_OPENSSL does not for you.
Then a bit confused by what I'm seeing atm.
With 'my' current, if incorrect, flags
unset LDFLAGS
make clean
make V=1 -j4 \
TARGET=linux2628 \
USE_PCRE2=1 \
USE_PCRE2_JIT=1 \
USE_OPENSSL=1 \
SSL_INC=" -I/usr/local/openssl11/include" \
SSL_LIB=" -L/usr/local/openssl11/lib64
-Wl,-rpath,/usr/local/openssl11/lib64" \
PCRE2_INC=" -I/usr/local/include" \
PCRE2_LIB=" -L/usr/local/lib64 -Wl,-rpath,/usr/local/lib64"
./haproxy -v
HA-Proxy version 1.8.10-ec17d7a 2018/06/22
ldd ./haproxy | egrep "ssl|crypto|pcre"
libssl.so.1.1 => /usr/local/openssl11/lib64/libssl.so.1.1
(0x00007f8debd8a000)
libcrypto.so.1.1 => /usr/local/openssl11/lib64/libcrypto.so.1.1
(0x00007f8deb8ef000)
libpcre2-8.so.0 => /usr/local/lib64/libpcre2-8.so.0
(0x00007f8deb666000)
libpcre2-posix.so.2 => /usr/local/lib64/libpcre2-posix.so.2
(0x00007f8deb463000)
with 'your' advised "actual paths", and from Makefile
# OpenSSL is packaged in various forms and with various dependencies.
# In general -lssl is enough, but on some platforms, -lcrypto may be
needed,
# reason why it's added by default. Some even need -lz, then you'll
need to
# pass it in the "ADDLIB" variable if needed. If your SSL libraries are
not
# in the usual path, use SSL_INC=/path/to/inc and SSL_LIB=/path/to/lib.
build fails, referencing deprecated, pre openssl 1.1.0 symbols,
unset LDFLAGS
make clean
make V=1 -j4 \
TARGET=linux2628 \
USE_PCRE2=1 \
USE_PCRE2_JIT=1 \
USE_OPENSSL=1 \
SSL_INC="/usr/local/openssl11/include" \
SSL_LIB="/usr/local/openssl11/lib64" \
PCRE2_INC="/usr/local/include" \
PCRE2_LIB="/usr/local/lib64"
...
gcc -Iinclude -Iebtree -Wall -O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -fwrapv -fno-strict-overflow
-Wno-format-truncation -Wno-null-dereference -Wno-unused-label
-DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT
-DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS
-DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL
-I/usr/local/openssl11/include -DUSE_SYSCALL_FUTEX -DUSE_PCRE2
-DPCRE2_CODE_UNIT_WIDTH=8 -I/usr/local/include -DUSE_PCRE2_JIT
-DCONFIG_HAPROXY_VERSION=\"1.8.10-ec17d7a\"
-DCONFIG_HAPROXY_DATE=\"2018/06/22\" -c -o src/ssl_sock.o src/ssl_sock.c
src/ssl_sock.c: In function ‘ssl_locking_function’:
src/ssl_sock.c:220:13: error: ‘CRYPTO_LOCK’ undeclared (first
use in this function); did you mean ‘CRYPTO_RWLOCK’?
if (mode & CRYPTO_LOCK) {
^~~~~~~~~~~
CRYPTO_RWLOCK
src/ssl_sock.c:220:13: note: each undeclared identifier is
reported only once for each function it appears in
src/ssl_sock.c:221:14: error: ‘CRYPTO_READ’ undeclared (first
use in this function); did you mean ‘CRYPTO_ONCE’?
if (mode & CRYPTO_READ)
^~~~~~~~~~~
CRYPTO_ONCE
src/ssl_sock.c: In function ‘ssl_locking_init’:
src/ssl_sock.c:238:43: warning: implicit declaration of
function ‘CRYPTO_num_locks’; did you mean ‘CRYPTO_realloc’?
[-Wimplicit-function-declaration]
ssl_rwlocks = malloc(sizeof(HA_RWLOCK_T)*CRYPTO_num_locks());
^~~~~~~~~~~~~~~~
CRYPTO_realloc
src/ssl_sock.c:245:2: warning: implicit declaration of function
‘CRYPTO_set_id_callback’; did you mean ‘BIO_set_callback’?
[-Wimplicit-function-declaration]
CRYPTO_set_id_callback(ssl_id_function);
^~~~~~~~~~~~~~~~~~~~~~
BIO_set_callback
src/ssl_sock.c:246:2: warning: implicit declaration of function
‘CRYPTO_set_locking_callback’; did you mean ‘BIO_set_info_callback’?
[-Wimplicit-function-declaration]
CRYPTO_set_locking_callback(ssl_locking_function);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
BIO_set_info_callback
src/ssl_sock.c: In function ‘ssl_sock_do_create_cert’:
src/ssl_sock.c:1693:23: warning: implicit declaration of
function ‘X509_get_notBefore’; did you mean ‘X509_getm_notBefore’?
[-Wimplicit-function-declaration]
if (!X509_gmtime_adj(X509_get_notBefore(newcrt),
(long)-60*60*24) ||
^~~~~~~~~~~~~~~~~~
X509_getm_notBefore
src/ssl_sock.c:1693:23: warning: passing argument 1 of
‘X509_gmtime_adj’ makes pointer from integer without a cast [-Wint-conversion]
if (!X509_gmtime_adj(X509_get_notBefore(newcrt),
(long)-60*60*24) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from
/usr/local/openssl11/include/openssl/pem.h:17,
from
/usr/local/openssl11/include/openssl/ssl.h:55,
from src/ssl_sock.c:43:
/usr/local/openssl11/include/openssl/x509.h:479:12: note:
expected ‘ASN1_TIME *’ {aka ‘struct asn1_string_st *’} but argument is of type
‘int’
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
^~~~~~~~~~~~~~~
src/ssl_sock.c:1694:23: warning: implicit declaration of
function ‘X509_get_notAfter’; did you mean ‘X509_getm_notAfter’?
[-Wimplicit-function-declaration]
!X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
^~~~~~~~~~~~~~~~~
X509_getm_notAfter
src/ssl_sock.c:1694:23: warning: passing argument 1 of
‘X509_gmtime_adj’ makes pointer from integer without a cast [-Wint-conversion]
!X509_gmtime_adj(X509_get_notAfter(newcrt),(long)60*60*24*365))
^~~~~~~~~~~~~~~~~~~~~~~~~
In file included from
/usr/local/openssl11/include/openssl/pem.h:17,
from
/usr/local/openssl11/include/openssl/ssl.h:55,
from src/ssl_sock.c:43:
/usr/local/openssl11/include/openssl/x509.h:479:12: note:
expected ‘ASN1_TIME *’ {aka ‘struct asn1_string_st *’} but argument is of type
‘int’
ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
^~~~~~~~~~~~~~~
src/ssl_sock.c: In function ‘ssl_get_dh_1024’:
src/ssl_sock.c:2421:7: warning: implicit declaration of
function ‘BN_bin2bn’; did you mean ‘OBJ_nid2sn’?
[-Wimplicit-function-declaration]
p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
^~~~~~~~~
OBJ_nid2sn
src/ssl_sock.c:2421:5: warning: assignment to ‘BIGNUM *’ {aka
‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast
[-Wint-conversion]
p = BN_bin2bn(dh1024_p, sizeof dh1024_p, NULL);
^
src/ssl_sock.c:2422:5: warning: assignment to ‘BIGNUM *’ {aka
‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast
[-Wint-conversion]
g = BN_bin2bn(dh1024_g, sizeof dh1024_g, NULL);
^
src/ssl_sock.c: In function ‘ssl_get_dh_2048’:
src/ssl_sock.c:2468:5: warning: assignment to ‘BIGNUM *’ {aka
‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast
[-Wint-conversion]
p = BN_bin2bn(dh2048_p, sizeof dh2048_p, NULL);
^
src/ssl_sock.c:2469:5: warning: assignment to ‘BIGNUM *’ {aka
‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast
[-Wint-conversion]
g = BN_bin2bn(dh2048_g, sizeof dh2048_g, NULL);
^
src/ssl_sock.c: In function ‘ssl_get_dh_4096’:
src/ssl_sock.c:2536:5: warning: assignment to ‘BIGNUM *’ {aka
‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast
[-Wint-conversion]
p = BN_bin2bn(dh4096_p, sizeof dh4096_p, NULL);
^
src/ssl_sock.c:2537:5: warning: assignment to ‘BIGNUM *’ {aka
‘struct bignum_st *’} from ‘int’ makes pointer from integer without a cast
[-Wint-conversion]
g = BN_bin2bn(dh4096_g, sizeof dh4096_g, NULL);
^
src/ssl_sock.c: In function ‘smp_fetch_ssl_x_notafter’:
src/ssl_sock.c:6244:24: warning: passing argument 1 of
‘ssl_sock_get_time’ makes pointer from integer without a cast [-Wint-conversion]
if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
^~~~~~~~~~~~~~~~~~~~~~
src/ssl_sock.c:5770:30: note: expected ‘ASN1_TIME *’ {aka
‘struct asn1_string_st *’} but argument is of type ‘int’
ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
~~~~~~~~~~~^~
src/ssl_sock.c: In function ‘smp_fetch_ssl_x_notbefore’:
src/ssl_sock.c:6344:24: warning: passing argument 1 of
‘ssl_sock_get_time’ makes pointer from integer without a cast [-Wint-conversion]
if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <=
0)
^~~~~~~~~~~~~~~~~~~~~~~
src/ssl_sock.c:5770:30: note: expected ‘ASN1_TIME *’ {aka
‘struct asn1_string_st *’} but argument is of type ‘int’
ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
~~~~~~~~~~~^~
src/ssl_sock.c: In function ‘__ssl_sock_init’:
src/ssl_sock.c:8800:2: warning: implicit declaration of
function ‘SSL_library_init’; did you mean ‘SSL_in_init’?
[-Wimplicit-function-declaration]
SSL_library_init();
^~~~~~~~~~~~~~~~
SSL_in_init
src/ssl_sock.c:8832:9: warning: implicit declaration of
function ‘SSLeay_version’; did you mean ‘SSL_version’?
[-Wimplicit-function-declaration]
SSLeay_version(SSLEAY_VERSION),
^~~~~~~~~~~~~~
SSL_version
src/ssl_sock.c:8832:24: error: ‘SSLEAY_VERSION’ undeclared
(first use in this function); did you mean ‘SSL2_VERSION’?
SSLeay_version(SSLEAY_VERSION),
^~~~~~~~~~~~~~
SSL2_VERSION
src/ssl_sock.c:8833:36: warning: implicit declaration of
function ‘SSLeay’; did you mean ‘SSLerr’? [-Wimplicit-function-declaration]
((OPENSSL_VERSION_NUMBER ^ SSLeay()) >> 8) ? "
(VERSIONS DIFFER!)" : "");
^~~~~~
SSLerr
src/ssl_sock.c: In function ‘__ssl_sock_deinit’:
src/ssl_sock.c:8925:9: warning: implicit declaration of
function ‘ERR_free_strings’; did you mean ‘ERR_load_strings’?
[-Wimplicit-function-declaration]
ERR_free_strings();
^~~~~~~~~~~~~~~~
ERR_load_strings
src/ssl_sock.c:8927:9: warning: implicit declaration of
function ‘EVP_cleanup’; did you mean ‘EVP_PBE_cleanup’?
[-Wimplicit-function-declaration]
EVP_cleanup();
^~~~~~~~~~~
EVP_PBE_cleanup
src/ssl_sock.c:8930:9: warning: implicit declaration of
function ‘CRYPTO_cleanup_all_ex_data’; did you mean ‘CRYPTO_dup_ex_data’?
[-Wimplicit-function-declaration]
CRYPTO_cleanup_all_ex_data();
^~~~~~~~~~~~~~~~~~~~~~~~~~
CRYPTO_dup_ex_data
make: *** [Makefile:909: src/ssl_sock.o] Error 1
