Hello! On Fri, Sep 30, 2016 at 05:50:27AM -0700, Piotr Sikora wrote:
> Hey Alessandro, > > > # HG changeset patch > > # User Alessandro Ghedini <alessan...@cloudflare.com> > > # Date 1475070884 -3600 > > # Wed Sep 28 14:54:44 2016 +0100 > > # Node ID fe7d9e3987d40f16d86fd01d94ad16ff58467af2 > > # Parent 29bf0dbc0a77914bc94bd001a2b17d364e8e50d9 > > Upstream: fix warning when building with BoringSSL > > > > BoringSSL takes a const u_char * for SSL_set_tlsext_host_name but > > OpenSSL only takes a u_char *. Since NGINX is built with -Werror by > > default this breaks the build. > > You need to apply the same fix to ngx_stream_proxy_module.c. > > btw: I've sent exactly the same patch in the past, so good luck: > http://mailman.nginx.org/pipermail/nginx-devel/2015-November/007499.html I have no strong objections, but the patch as you've submitted casts to "const char *", while just "char *" should be enough. And BoringSSL still fails to build on FreeBSD out of the box (not to mention it now requires Go for building), which makes it non-trivial to test BoringSSL-related changes. Unless there are objections, I'm going to commit the patch below which adds (char *) casts. # HG changeset patch # User Maxim Dounin <mdou...@mdounin.ru> # Date 1475515513 -10800 # Mon Oct 03 20:25:13 2016 +0300 # Node ID 9984d19e3990b662045617f60ea0fa500d8d6afb # Parent 08b6836c9299942d642bd60442c7e58aee6356dc SSL: compatibility with BoringSSL. BoringSSL changed SSL_set_tlsext_host_name() to be a real function with a (const char *) argument, so it now triggers a warning due to conversion from (u_char *). Added an explicit cast to silence the warning. Prodded by Piotr Sikora, Alessandro Ghedini. diff -r 08b6836c9299 -r 9984d19e3990 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Mon Jun 27 15:00:06 2016 -0700 +++ b/src/http/ngx_http_upstream.c Mon Oct 03 20:25:13 2016 +0300 @@ -1690,7 +1690,10 @@ ngx_http_upstream_ssl_name(ngx_http_requ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "upstream SSL server name: \"%s\"", name.data); - if (SSL_set_tlsext_host_name(c->ssl->connection, name.data) == 0) { + if (SSL_set_tlsext_host_name(c->ssl->connection, + (char *) name.data) + == 0) + { ngx_ssl_error(NGX_LOG_ERR, r->connection->log, 0, "SSL_set_tlsext_host_name(\"%s\") failed", name.data); return NGX_ERROR; diff -r 08b6836c9299 -r 9984d19e3990 src/stream/ngx_stream_proxy_module.c --- a/src/stream/ngx_stream_proxy_module.c Mon Jun 27 15:00:06 2016 -0700 +++ b/src/stream/ngx_stream_proxy_module.c Mon Oct 03 20:25:13 2016 +0300 @@ -948,7 +948,8 @@ ngx_stream_proxy_ssl_name(ngx_stream_ses ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, "upstream SSL server name: \"%s\"", name.data); - if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data) + if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, + (char *) name.data) == 0) { ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
