Welcome! Log In Create A New Profile

Advanced

Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.

Alejandro Colomar
September 08, 2022 08:08AM
Hi Sergey,

On 9/8/22 13:31, Sergey Kandaurov wrote:
> details: https://hg.nginx.org/nginx/rev/ba5cf8f73a2d
> branches:
> changeset: 8070:ba5cf8f73a2d
> user: Sergey Kandaurov <pluknet@nginx.com>
> date: Thu Sep 08 13:53:49 2022 +0400
> description:
> SSL: silenced GCC warnings when building with BoringSSL.
>
> BoringSSL uses macro stub for SSL_CTX_set_ecdh_auto that expands to 1,
> which triggers -Wunused-value "statement with no effect" warnings.

I think this workaround is incorrect, and the problem is in the buildsystem.

See gcc(1):

-I dir
-iquote dir
-isystem dir
-idirafter dir
...

You can use -I to override a system header file,
substituting your own version, since these
directories are searched before the standard system
header file directories. However, you should not use
this option to add directories that contain vendor‐
supplied system header files; use -isystem for that.

The -isystem and -idirafter options also mark the
directory as a system directory, so that it gets the
same special treatment that is applied to the
standard system directories.

...


Basically, -isystem works as -I, but disables warnings caused by system
headers.

With that flag, I don't get any warnings in the following simple
reproducer (a bit weird is that clang doesn't get a warning even with -I):

$ tree
.
├── include
│   └── one.h
└── main.c

1 directory, 2 files
$
$ cat include/one.h
#define ONE() 1
$
$ cat main.c
#include <one.h>

int
main(void)
{
ONE();

return 0;
}
$
$ gcc -Wall -Wextra -isystem./include main.c
$
$ clang -Weverything -isystem./include main.c
$
$ gcc -Wall -Wextra -I./include main.c
In file included from main.c:1:
main.c: In function ‘main’:
./include/one.h:1:16: warning: statement with no effect [-Wunused-value]
1 | #define ONE() 1
| ^
main.c:6:9: note: in expansion of macro ‘ONE’
6 | ONE();
| ^~~
$
$ clang -Weverything -I./include main.c
$


Of course, this is considering that you normally don't want to get
warnings from dubious system headers, which normally should be the case
in user applications, but you may legitimately doubt the correctness of
some dependencies, and may want to see the warnings...

Cheers,

Alex


>
> diffstat:
>
> src/event/ngx_event_openssl.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diffs (12 lines):
>
> diff -r a423e314c22f -r ba5cf8f73a2d src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c Wed Sep 07 00:47:31 2022 +0300
> +++ b/src/event/ngx_event_openssl.c Thu Sep 08 13:53:49 2022 +0400
> @@ -1428,7 +1428,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_s
>
> #ifdef SSL_CTRL_SET_ECDH_AUTO
> /* not needed in OpenSSL 1.1.0+ */
> - SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
> + (void) SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
> #endif
>
> if (ngx_strcmp(name->data, "auto") == 0) {
> _______________________________________________
> nginx-devel mailing list -- nginx-devel@nginx.org
> To unsubscribe send an email to nginx-devel-leave@nginx.org

--
http://www.alejandro-colomar.es/
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

[nginx] SSL: silenced GCC warnings when building with BoringSSL.

Sergey Kandaurov 225 September 08, 2022 07:32AM

Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.

Alejandro Colomar 56 September 08, 2022 08:08AM

Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.

Maxim Dounin 59 September 08, 2022 10:22AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 90
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready