puma_http11 fails to build on OpenBSD 7.1 #2863

Closed
eradman opened this issue Apr 25, 2022 · 6 comments · Fixed by #2864

eradman commented Apr 25, 2022

Describe the bug

puma_http11 fails to build on OpenBSD 7.1

using OpenSSL pkgconfig (openssl.pc)
checking for openssl/bio.h... yes
checking for DTLS_method() in openssl/ssl.h... yes
checking for TLS_server_method() in openssl/ssl.h... yes
checking for SSL_CTX_set_min_proto_version(NULL, 0) in openssl/ssl.h... yes
checking for X509_STORE_up_ref()... yes
checking for SSL_CTX_set_ecdh_auto(NULL, 0) in openssl/ssl.h... yes
checking for SSL_get1_peer_certificate() in openssl/ssl.h... no
checking for Random.bytes... yes
creating Makefile

current directory: /home/eradman/.gem/ruby/3.1/gems/puma-5.6.4/ext/puma_http11
make DESTDIR\= clean

current directory: /home/eradman/.gem/ruby/3.1/gems/puma-5.6.4/ext/puma_http11
make DESTDIR\=
compiling http11_parser.c
compiling mini_ssl.c
mini_ssl.c:102:5: error: incomplete definition of type 'struct dh_st'
  dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
  ~~^
/usr/include/openssl/ossl_typ.h:116:16: note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
               ^
mini_ssl.c:103:5: error: incomplete definition of type 'struct dh_st'
  dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
  ~~^
/usr/include/openssl/ossl_typ.h:116:16: note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
               ^
mini_ssl.c:105:10: error: incomplete definition of type 'struct dh_st'
  if ((dh->p == NULL) || (dh->g == NULL)) {
       ~~^
/usr/include/openssl/ossl_typ.h:116:16: note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
               ^
mini_ssl.c:105:29: error: incomplete definition of type 'struct dh_st'
  if ((dh->p == NULL) || (dh->g == NULL)) {
                          ~~^
/usr/include/openssl/ossl_typ.h:116:16: note: forward declaration of 'struct dh_st'
typedef struct dh_st DH;
               ^
4 errors generated.
*** Error 1 in /home/eradman/.gem/ruby/3.1/gems/puma-5.6.4/ext/puma_http11 (Makefile:246 'mini_
ssl.o': @ cc -I. -I/usr/local/include/ruby-3....)

make failed, exit code 2

To Reproduce

gem31 install puma
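
A triage helper for this class of failure, added here as an example (not code from the thread or from Puma): it parses the clang diagnostics in the report above and lists each direct member access on a struct that the headers only forward-declare. The log excerpt is copied from the report and trimmed to two of the four errors; the function and constant names are illustrative.

```ruby
# Constructed sample: two of the four diagnostics, copied from the report above.
BUILD_LOG = <<~'LOG'
  compiling mini_ssl.c
  mini_ssl.c:102:5: error: incomplete definition of type 'struct dh_st'
    dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
    ~~^
  /usr/include/openssl/ossl_typ.h:116:16: note: forward declaration of 'struct dh_st'
  typedef struct dh_st DH;
                 ^
  mini_ssl.c:105:29: error: incomplete definition of type 'struct dh_st'
    if ((dh->p == NULL) || (dh->g == NULL)) {
                            ~~^
  /usr/include/openssl/ossl_typ.h:116:16: note: forward declaration of 'struct dh_st'
  typedef struct dh_st DH;
                 ^
  4 errors generated.
LOG

# clang: "file:line:col: error: incomplete definition of type 'struct X'"
OPAQUE_ERR = /\A(?<file>[^:\s]+):(?<line>\d+):(?<col>\d+): error: incomplete definition of type 'struct (?<type>\w+)'/
# clang follow-up note naming the header that only forward-declares the struct
FWD_NOTE = /\A(?<header>[^:\s]+):\d+:\d+: note: forward declaration of 'struct \w+'/

# Returns one hash per direct member access on a struct whose layout is hidden.
def opaque_member_accesses(log)
  lines = log.lines.map(&:chomp)
  lines.each_with_index.filter_map do |text, i|
    err = OPAQUE_ERR.match(text) or next
    src = lines[i + 1].to_s                     # clang echoes the source line next
    arrow = err[:col].to_i - 1                  # reported column points at "->"
    member = src[arrow..].to_s[/\A->(\w+)/, 1] or next
    var = src[0...arrow][/\w+\z/]
    note = lines[(i + 2)..(i + 4)].to_a.filter_map { |l| FWD_NOTE.match(l) }.first
    { file: err[:file], line: err[:line].to_i, type: err[:type],
      access: "#{var}->#{member}", declared_in: note && note[:header] }
  end
end

if __FILE__ == $PROGRAM_NAME
  opaque_member_accesses(BUILD_LOG).each do |hit|
    puts "#{hit[:file]}:#{hit[:line]} #{hit[:access]} (struct #{hit[:type]}, " \
         "declared in #{hit[:declared_in]})"
  end
end
```
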
MSP-Greg added a commit to MSP-Greg/puma that referenced this issue Apr 25, 2022
@MSP-Greg
Member

@eradman Thanks for the report.

Can you try building from PR #2864?

eradman commented Apr 25, 2022

Thanks for the quick response @MSP-Greg!

I actually don't hit the same error when trying to build from top of tree

git log -1 --oneline
0f6ab127 (HEAD -> master, origin/master, origin/HEAD) [CI] minor workflow updates
cd puma/ext/puma_http11
doas bundle31 exec rake31
(in /home/eradman/git.oss/puma)
Running RuboCop...
Inspecting 160 files
................................................................................................................................................................

160 files inspected, no offenses detected
mkdir -p tmp/x86_64-openbsd/puma_http11/3.1.1
cd tmp/x86_64-openbsd/puma_http11/3.1.1
/usr/local/bin/ruby31 -I. -r.rake-compiler-siteconf.rb ../../../../ext/puma_http11/extconf.rb
using OpenSSL pkgconfig (openssl.pc)
checking for openssl/bio.h... yes
checking for DTLS_method() in openssl/ssl.h... yes
checking for TLS_server_method() in openssl/ssl.h... yes
checking for SSL_CTX_set_min_proto_version(NULL, 0) in openssl/ssl.h... yes
checking for X509_STORE_up_ref()... yes
checking for SSL_CTX_set_ecdh_auto(NULL, 0) in openssl/ssl.h... yes
checking for SSL_get1_peer_certificate() in openssl/ssl.h... no
checking for Random.bytes... yes
creating Makefile
cd -
cd tmp/x86_64-openbsd/puma_http11/3.1.1
/usr/local/bin/gmake
compiling ../../../../ext/puma_http11/http11_parser.c
compiling ../../../../ext/puma_http11/mini_ssl.c
compiling ../../../../ext/puma_http11/puma_http11.c
linking shared-object puma/puma_http11.so
cd -
mkdir -p tmp/x86_64-openbsd/stage/lib/puma

MSP-Greg commented Apr 25, 2022

@eradman Thanks for checking, I think PR #2838 fixed it.

PR #2864 may still be an improvement. @epsilon-0 @botovq Sorry for the pings, any thoughts?

EDIT: PR #2864 uses SSL_CTX_set_dh_auto when available, which is probably preferred to the hard coded values...

botovq commented Apr 25, 2022 via email

@MSP-Greg
Member

@botovq Thanks.

Currently Puma does not work with TLS session reuse or ALPN. We'll be adding support for both soon. I suspect reuse will need to be turned on to match current functionality, ALPN may be the same.

I assume LibreSSL should/will work with the OpenSSL functions? Would you like a ping on the PRs?

MSP-Greg added a commit that referenced this issue Apr 26, 2022
Use SSL_CTX_set_dh_auto for all supported versions.  Previously, only used with OpenSSL 3.

Closes #2863

botovq commented Apr 26, 2022 via email

nateberkopec pushed a commit that referenced this issue Aug 22, 2022
Use SSL_CTX_set_dh_auto for all supported versions.  Previously, only used with OpenSSL 3.

Closes #2863
JuanitoFatas pushed a commit to JuanitoFatas/puma that referenced this issue Sep 9, 2022
Use SSL_CTX_set_dh_auto for all supported versions.  Previously, only used with OpenSSL 3.

Closes puma#2863