"Dereferencing Pointer To Incomplete Type" on ARM

I swear I had built the hg default version on my AMD64 just fine, but
now
I’m doing it on my ARM device running Ubuntu 15.04 with kernel 4.2.
I used the default system openssl, but also tried with the master git
version all with the same result.

Attempts with:

  1. ./auto/configure --with-http_ssl_module --with-ipv6
  2. ./auto/configure --with-http_ssl_module --with-ipv6 --with-cc-opt="-I
    /usr/local/ssl/include -I /usr/local/include" --with-ld-opt="-L
    /usr/local/ssl/lib -L /usr/local/lib"
  3. ./auto/configure --with-ipv6 --with-http_ssl_module
    –with-openssl=/src/openssl/
    and of course “make”.

src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
src/event/ngx_event_openssl.c:1164:31: error: dereferencing pointer to
incomplete type
if (c->ssl->connection->s3) {
^
src/event/ngx_event_openssl.c:1165:31: error: dereferencing pointer to
incomplete type
c->ssl->connection->s3->flags |=
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
^


“./auto/configure --with-ipv6” built with no problems.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261124,261124#msg-261124

Looks like it isn’t just nginx (or even more likely IS an openssl issue)
because I just encountered it again with pjproject:


…/src/pj/ssl_sock_ossl.c:1001:5: warning: implicit declaration of
function
‘M_ASN1_STRING_length’ [-Wimplicit-function-declaration]
len = M_ASN1_STRING_length(X509_get_serialNumber(x));
^
…/src/pj/ssl_sock_ossl.c: In function ‘pj_ssl_sock_get_info’:
…/src/pj/ssl_sock_ossl.c:2285:24: error: dereferencing pointer to
incomplete type
info->cipher = (cipher->id & 0x00FFFFFF);
^


Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261124,261142#msg-261142

Hello!

On Wed, Aug 19, 2015 at 09:15:07AM -0400, vindicator wrote:

  1. ./auto/configure --with-ipv6 --with-http_ssl_module
    c->ssl->connection->s3->flags |=
    SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
    ^

“./auto/configure --with-ipv6” built with no problems.

Looks like you have OPENSSL_NO_SSL_INTERN defined by default in your
system.
Try this patch:

— a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1159,6 +1159,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->send_chain = ngx_ssl_send_chain;

#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#ifndef OPENSSL_NO_SSL_INTERN

     /* initial handshake done, disable renegotiation 

(CVE-2009-3555) */
if (c->ssl->connection->s3) {
@@ -1166,6 +1167,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
}

#endif
+#endif

     return NGX_OK;
 }


Maxim D.
http://nginx.org/

Hello!

On Mon, Aug 24, 2015 at 10:40:05PM -0400, vindicator wrote:

                           ^
     ^

cc1: all warnings being treated as errors


[…]

Oh, it looks like you are trying to build nginx against OpenSSL
master branch. As OpenSSL guys are changing things rapidly
nowadays, it’s not really going to work. Try any released version
instead.

Quick and dirty fix below, but I wouldn’t bet it will be enough to
build with OpenSSL master even in a week from now.

— a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1159,6 +1159,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->send_chain = ngx_ssl_send_chain;

#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
+#if 0

     /* initial handshake done, disable renegotiation 

(CVE-2009-3555) */
if (c->ssl->connection->s3) {
@@ -1166,6 +1167,7 @@ ngx_ssl_handshake(ngx_connection_t *c)
}

#endif
+#endif

     return NGX_OK;
 }

@@ -2861,7 +2863,7 @@ ngx_ssl_session_ticket_key_callback(ngx_
ngx_hex_dump(buf, key[0].name, 16) - buf, buf,
SSL_session_reused(ssl_conn) ? “reused” :
“new”);

  •    RAND_pseudo_bytes(iv, 16);
    
  •    RAND_bytes(iv, 16);
       EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, 
    

key[0].aes_key, iv);
HMAC_Init_ex(hctx, key[0].hmac_key, 16,
ngx_ssl_session_ticket_md(), NULL);


Maxim D.
http://nginx.org/

Thanks, but no. I’m still getting that error:


cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror
-g
-I src/core -I src/event -I src/event/modules -I src/os/unix -I objs
-o objs/src/event/ngx_event_openssl.o
src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
src/event/ngx_event_openssl.c:1165:31: error: dereferencing pointer to
incomplete type
if (c->ssl->connection->s3) {
^
src/event/ngx_event_openssl.c:1166:31: error: dereferencing pointer to
incomplete type
c->ssl->connection->s3->flags |=
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
^
src/event/ngx_event_openssl.c: In function
‘ngx_ssl_session_ticket_key_callback’:
src/event/ngx_event_openssl.c:2866:9: error: implicit declaration of
function ‘RAND_pseudo_bytes’ [-Werror=implicit-function-declaration]
RAND_pseudo_bytes(iv, 16);
^
cc1: all warnings being treated as errors


Changed code section:


    c->recv_chain = ngx_ssl_recv_chain;
    c->send_chain = ngx_ssl_send_chain;

#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#ifndef OPENSSL_NO_SSL_INTERN

    /* initial handshake done, disable renegotiation (CVE-2009-3555) 

*/
if (c->ssl->connection->s3) {
c->ssl->connection->s3->flags |=
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}

#endif
#endif

    return NGX_OK;
}

sslerr = SSL_get_error(c->ssl->connection, n);

Just adding that I clean the source before each build attempt via:


hg --config “extensions.purge=” purge --all
hg revert --all


I also don’t know where I’d find if “OPENSSL_NO_SSL_INTERN” was already
defined. printenv doesn’t show it, nor does a recursive grep in /etc or
~.
Let me know if there are any other tests you’d like me to try or any
other
information you need from me that may help.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261124,261218#msg-261218

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs