Welcome! Log In Create A New Profile

Advanced

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Sergey Kandaurov
September 05, 2022 02:46PM
> On 1 Sep 2022, at 20:49, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1662050858 -10800
> # Thu Sep 01 19:47:38 2022 +0300
> # Node ID d73286c43b44f3161ca4de1d9d1cbb070c6da4a7
> # Parent 63a4b5ffd440c526bc96c6879dc1b6b489975d98
> Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379).

BTW, win32 build on Windows XP with OpenSSL 3.0.x is currently broken
for another reason: due to a missing InterlockedOr64 implementation.
See the related fix, expected to appear in upcoming OpenSSL 3.0.6:
ce3951fc30c7bc7c3dbacba19d87c79d9af9da0d

Now I have to configure OpenSSL with "no-threads" to pass to this error.

>
> SSL_sendfile() expects integer file descriptor as an argument, but nginx
> uses OS file handles (HANDLE) to work with files on Windows, and passing
> HANDLE instead of an integer correctly results in build failure. Since
> SSL_sendfile() is not expected to work on Windows anyway, the code is now
> disabled on Windows with appropriate compile-time checks.
>
> diff -r 63a4b5ffd440 -r d73286c43b44 src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c Thu Sep 01 19:45:22 2022 +0300
> +++ b/src/event/ngx_event_openssl.c Thu Sep 01 19:47:38 2022 +0300
> @@ -1770,7 +1770,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
> #endif
> #endif
>
> -#ifdef BIO_get_ktls_send
> +#if (defined BIO_get_ktls_send && !NGX_WIN32)
>
> if (BIO_get_ktls_send(SSL_get_wbio(c->ssl->connection)) == 1) {
> ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
> @@ -1915,7 +1915,7 @@ ngx_ssl_try_early_data(ngx_connection_t
> c->read->ready = 1;
> c->write->ready = 1;
>
> -#ifdef BIO_get_ktls_send
> +#if (defined BIO_get_ktls_send && !NGX_WIN32)
>
> if (BIO_get_ktls_send(SSL_get_wbio(c->ssl->connection)) == 1) {
> ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
> @@ -2944,7 +2944,7 @@ ngx_ssl_write_early(ngx_connection_t *c,
> static ssize_t
> ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file, size_t size)
> {
> -#ifdef BIO_get_ktls_send
> +#if (defined BIO_get_ktls_send && !NGX_WIN32)
>
> int sslerr, flags;
> ssize_t n;
>

This could be simplified if replaced #ifdef with #if.
BIO_get_ktls_send is documented to be a macro (and so tested here).
When OpenSSL isn't configured with KTLS, the macro is explanded to 0.
Replacement allows optimize ngx_ssl_sendfile() at compile time, as well.

I see that it's convention in nginx to test external macros using #ifdef.
In certain cases we use an exception there if it does or even does not
make sense, such as when testing SSL_CTRL_SET_ECDH_AUTO (though that's
rather a typo there). Using #if BIO_get_ktls_send looks reasonable to me.

Another way (though, a less obvious for the reader) is to replace
#if/ifdef BIO_get_ktls_send with a more convenient #ifndef OPENSSL_NO_KTLS.
This macro is set when KTLS isn't supported and not configured for OpenSSL.
As per INSTALL.md in the root of OpenSSL distribution, the enable-ktls option
"is forced off on systems that do not support the Kernel TLS data-path".
This makes no matter how OpenSSL is configured, with or without this option,
if it's claimed in OpenSSL to be unsupported by platform.
I tested to configure enable-ktls on win32: that's appeared to be true.
Unfortunately, OPENSSL_NO_KTLS is used to be documented (even for runtime
BIO_get_ktls_send() checks) only in sources, such as in apps/s_server.c.

--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Sergey Kandaurov 293 September 05, 2022 02:46PM

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Maxim Dounin 64 September 05, 2022 11:52PM

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Sergey Kandaurov 52 September 06, 2022 07:36AM

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Maxim Dounin 57 September 06, 2022 08:12PM

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Sergey Kandaurov 46 September 07, 2022 11:36AM

Re: [PATCH 3 of 3] Win32: fixed build on Windows with OpenSSL 3.0.x (ticket #2379)

Maxim Dounin 64 September 07, 2022 05:14PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 153
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready