Konstantin,
On 6/1/24 10:12, Konstantin Kolinko wrote:
пт, 31 мая 2024 г. в 20:33, Christopher Schultz <schu...@apache.org>:
All,
I don't think my commit broke the build. Re-winding to
fe07505146b7573f36a0d01ba0d2b847af7c9914 shows that the 1.1.x build does
not work on my machine.
$ sh buildconf --with-apr=apr-1.7.4
(This path is correct)
$ cat config.nice
#! /bin/sh
#
# Created by configure
"./configure" \
"--with-apr=/usr/local/Cellar/apr/1.7.4/bin/apr-1-config" \
"--with-ssl=/usr/local/Cellar/openssl@1.1/1.1.1w/" \
"$@"
$ ./config.nice
[... no errors...]
$ make clean
$ make
/bin/sh /usr/local/Cellar/apr/1.7.4/build-1/libtool --silent
--mode=compile --tag=CC clang -g -O2 -Wall -DHAVE_CONFIG_H -DDARWIN
-DSIGPROCMASK_SETS_THREAD_MASK -g -O2 -DHAVE_OPENSSL
-DHAVE_POOL_PRE_CLEANUP
-I/Users/christopherschultz/git/tomcat-native/native/include
-I/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home/include
-I/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home/include/darwin
-I/usr/local/Cellar/openssl@1.1/1.1.1w//include
-I/usr/local/opt/apr/include/apr-1 -o src/ssl.lo -c src/ssl.c && touch
src/ssl.lo
src/ssl.c:201:7: error: incomplete definition of type 'struct dh_st'
dh->p = prime(NULL);
~~^
/usr/local/Cellar/openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:104:16:
note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
^
[...]
The full code in that area is:
static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *), const char *gen)
{
DH *dh = DH_new();
if (!dh) {
return NULL;
}
dh->p = prime(NULL); // Line 201
BN_dec2bn(&dh->g, gen);
if (!dh->p || !dh->g) {
DH_free(dh);
return NULL;
}
return dh;
}
Is this just a bad setup on my end?
Building the main branch in this environment (but with OpenSSL 3.0)
works with some warnings but no errors.
Can anyone confirm they can build 1.1.x HEAD?
The code in src/ssl.c of Tomcat-Native 1.1.1 cited above is not
compatible with "openssl@1.1/1.1.1w".
Essentially:
- "openssl@1.1/1.1.1w//include/openssl/ossl_typ.h:104:16:" declares an alias:
typedef struct dh_st DH;
I.e. it declares the name "DH", but the actual definition of "struct
dh_st" is elsewhere, not in public include files. (but in some
"internal" parts of OpenSSL). Thus the structure can only be used
opaquely. The error is that
dh->p = prime(NULL); // Line 201
tries to access "p", which is not possible without knowing the
internal structure of DH.
Note that this is fixed in Tomcat Native 1.3.x:
There it calls "DH_set0_pqg()" to set the value of p.
Looking at the commit history of OpenSSL 1.1.x, there is the following commit:
https://github.com/openssl/openssl/commit/6db7fadf0975c75bfba01dd939063b4bdcb1a0fe
"DH: add simple getters for commonly used DH struct members"
It is not exactly on topic, but gives references where to look for.
Other links:
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/ossl_typ.h
(declares "typedef struct dh_st DH"
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1-stable/include/openssl/dh.h
(declares "DH_set0_pqg" and other DH_set / DH_get methods)
https://github.com/apache/tomcat-native/blob/1.1.x/native/src/ssl.c#L194
https://github.com/apache/tomcat-native/blob/1.3.x/native/src/ssl.c#L197
(Tomcat Native 1.1 vs 1.3)
https://stackoverflow.com/questions/45416806/missing-definitions-in-headerfile-dh-h-openssl-1-1-0f
(The same issue encountered by somebody else)
Note that the last release of Tomcat Native 1.1.x was 1.1.34 of 2015-12-15
https://tomcat.apache.org/oldnews-2015.html#Tomcat_Native_1.1.34_Released
It was built with
- APR 1.5.1
- OpenSSL 1.0.1m
(as mentioned in VERSIONS file in tomcat-native-1.1.34-win32-bin.zip)
Oops. I had meant to patch the 1.3.x branch, but I did not see it in
git. I had to specifically check it out to see it.
I will remove the patch from 1.1.x which should not be there. I will
re-do the patch for 1.3.x.
Apologies for the confusion.
Thanks,
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
