Hello!
On Wed, Aug 19, 2015 at 09:15:07AM -0400, vindicator wrote:
> I swear I had built the hg default version on my AMD64 just fine, but now
> I'm doing it on my ARM device running Ubuntu 15.04 with kernel 4.2.
> I used the default system openssl, but also tried with the master git
> version all with the same result.
>
> Attempts with:
> 1) ./auto/configure --with-http_ssl_module --with-ipv6
> 2) ./auto/configure --with-http_ssl_module --with-ipv6 --with-cc-opt="-I
> /usr/local/ssl/include -I /usr/local/include" --with-ld-opt="-L
> /usr/local/ssl/lib -L /usr/local/lib"
> 3) ./auto/configure --with-ipv6 --with-http_ssl_module
> --with-openssl=/src/openssl/
> and of course "make".
> *****
> src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
> src/event/ngx_event_openssl.c:1164:31: error: dereferencing pointer to
> incomplete type
> if (c->ssl->connection->s3) {
> ^
> src/event/ngx_event_openssl.c:1165:31: error: dereferencing pointer to
> incomplete type
> c->ssl->connection->s3->flags |=
> SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
> ^
> *****
>
> "./auto/configure --with-ipv6" built with no problems.
Looks like you have OPENSSL_NO_SSL_INTERN defined by default in your system.
Try this patch:
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1159,6 +1159,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->send_chain = ngx_ssl_send_chain;
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#ifndef OPENSSL_NO_SSL_INTERN
/* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) {
@@ -1166,6 +1167,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
}
#endif
+#endif
return NGX_OK;
}
--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx