Welcome! Log In Create A New Profile

Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.

Forum List Message List New Topic Print View

Alejandro Colomar

September 08, 2022 08:08AM

Hi Sergey,

On 9/8/22 13:31, Sergey Kandaurov wrote:
> details: https://hg.nginx.org/nginx/rev/ba5cf8f73a2d
> branches:
> changeset: 8070:ba5cf8f73a2d
> user: Sergey Kandaurov <pluknet@nginx.com>
> date: Thu Sep 08 13:53:49 2022 +0400
> description:
> SSL: silenced GCC warnings when building with BoringSSL.
>
> BoringSSL uses macro stub for SSL_CTX_set_ecdh_auto that expands to 1,
> which triggers -Wunused-value "statement with no effect" warnings.

I think this workaround is incorrect, and the problem is in the buildsystem.

See gcc(1):

-I dir
-iquote dir
-isystem dir
-idirafter dir
...

You can use -I to override a system header file,
substituting your own version, since these
directories are searched before the standard system
header file directories. However, you should not use
this option to add directories that contain vendor‐
supplied system header files; use -isystem for that.

The -isystem and -idirafter options also mark the
directory as a system directory, so that it gets the
same special treatment that is applied to the
standard system directories.

...

Basically, -isystem works as -I, but disables warnings caused by system
headers.

With that flag, I don't get any warnings in the following simple
reproducer (a bit weird is that clang doesn't get a warning even with -I):

$ tree
.
├── include
│ └── one.h
└── main.c

1 directory, 2 files
$
$ cat include/one.h
#define ONE() 1
$
$ cat main.c
#include <one.h>

int
main(void)
{
ONE();

return 0;
}
$
$ gcc -Wall -Wextra -isystem./include main.c
$
$ clang -Weverything -isystem./include main.c
$
$ gcc -Wall -Wextra -I./include main.c
In file included from main.c:1:
main.c: In function ‘main’:
./include/one.h:1:16: warning: statement with no effect [-Wunused-value]
1 | #define ONE() 1
| ^
main.c:6:9: note: in expansion of macro ‘ONE’
6 | ONE();
| ^~~
$
$ clang -Weverything -I./include main.c
$

Of course, this is considering that you normally don't want to get
warnings from dubious system headers, which normally should be the case
in user applications, but you may legitimately doubt the correctness of
some dependencies, and may want to see the warnings...

Cheers,

Alex

>
> diffstat:
>
> src/event/ngx_event_openssl.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diffs (12 lines):
>
> diff -r a423e314c22f -r ba5cf8f73a2d src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c Wed Sep 07 00:47:31 2022 +0300
> +++ b/src/event/ngx_event_openssl.c Thu Sep 08 13:53:49 2022 +0400
> @@ -1428,7 +1428,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_s
>
> #ifdef SSL_CTRL_SET_ECDH_AUTO
> /* not needed in OpenSSL 1.1.0+ */
> - SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
> + (void) SSL_CTX_set_ecdh_auto(ssl->ctx, 1);
> #endif
>
> if (ngx_strcmp(name->data, "auto") == 0) {
> _______________________________________________
> nginx-devel mailing list -- nginx-devel@nginx.org
> To unsubscribe send an email to nginx-devel-leave@nginx.org

--
http://www.alejandro-colomar.es/
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] SSL: silenced GCC warnings when building with BoringSSL.	Sergey Kandaurov	342	September 08, 2022 07:32AM
Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.	Alejandro Colomar	122	September 08, 2022 08:08AM
Re: [nginx] SSL: silenced GCC warnings when building with BoringSSL.	Maxim Dounin	121	September 08, 2022 10:22AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 278

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018