Topic: anyone compile OpenSSL with enable-tlsext and succeed?
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Tue 07 Oct '08 7:18 Post subject: anyone compile OpenSSL with enable-tlsext and succeed?
Was wanting to play with the SNI patch for Apache so started reading. Saw in one of the patches that enable-tlsext needs to be configured when building.
my usual VC6
perl configure.pl VC-WIN32 enable-tlsext
do_nasm and do_ms both tried.
All goes well till compiling s3_clnt.c for linking in libeay32.dll;
PPLINK -I. /Fdout32dll -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_CMS -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -D_WINDLL -DOPENSSL_BUILD_SHLIBSSL -c .\ssl\s3_clnt.c
s3_clnt.c
.\ssl\s3_clnt.c(1780) : error C2220: warning treated as error - no object file generated
.\ssl\s3_clnt.c(1780) : warning C4018: '!=' : signed/unsigned mismatch
NMAKE : fatal error U1077: 'cl' : return code '0x2'
Stop.
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Sat 11 Oct '08 20:28 Post subject:
Well I dug into the file and found the majority of the problem lies in a 100 line chunk of code sandwiched in #ifndef OPENSSL_NO_TLSEXT
changing line 1688 to a signed constant and line 1755 from a signed long to unsigned and it compiles ... haven't tested to see if it works yet. I think I'll change the constant back and unsign the long (#1687) and build again.
My VC6 simply does not like comparing signed/unsigned values it seems since this is now the second thing I've had to do this to.
tdonovan Moderator
Joined: 17 Dec 2005 Posts: 611 Location: Milford, MA, USA
Posted: Sun 12 Oct '08 21:17 Post subject:
A bit hard to follow without the openssl version number. I'm guessing you're not using openssl 0.9.8i because the line numbers don't match.
VC6 fails on line 1780 in s3_clnt.c with openssl 0.9.8i
Code:
1780 if (resplen + 4 != n)
Casting the variable n to unsigned fixes this:
Code:
1780 if (resplen + 4 != (unsigned) n)
This change is safe because if n was a negative number it surely would be less than 4. The case of n being less than 4 is handled a few lines earlier:
Later compilers (VC8 & VC9) seem to think that '!=' is a relatively safe comparison between signed and unsigned variables, unlike '<' or '>', so they don't issue a warning. I'm not sure they're right about this. gcc, for example, would still issue a warning like VC6 does.
-tom-
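Added example, not part of the thread and not OpenSSL's own code: it shows why the cast discussed in the post above is only safe behind the earlier "n < 4" check, by running the same comparison with and without that check on constructed inputs. The function names and sample values are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper names. n is the signed message length and resplen the
 * unsigned length field, as in the line quoted in the thread. The post casts
 * to `unsigned`; this example uses `unsigned long` so the conversion keeps
 * n's full width on platforms where long is wider than int. */

/* Comparison alone, with the cast that silences C4018. The cast only makes
 * explicit the conversion the compiler was already applying to n. */
static int lengths_match_unguarded(long n, unsigned long resplen)
{
    return resplen + 4 == (unsigned long)n;
}

/* Same comparison behind the "n < 4" check the post refers to. Once n >= 4,
 * n is non-negative and converting it to unsigned preserves its value. */
static int lengths_match_guarded(long n, unsigned long resplen)
{
    if (n < 4)
        return 0;               /* too short (or negative): reject */
    return resplen + 4 == (unsigned long)n;
}

int main(void)
{
    /* Constructed inputs, not taken from any real handshake. */
    struct { long n; unsigned long resplen; const char *note; } cases[] = {
        { 104, 100,           "consistent lengths" },
        { 104,  99,           "length field too small" },
        {  -1, ULONG_MAX - 4, "negative n, huge length field" },
        {   0, ULONG_MAX - 3, "resplen + 4 wraps to 0" },
    };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-32s unguarded=%d guarded=%d\n", cases[i].note,
               lengths_match_unguarded(cases[i].n, cases[i].resplen),
               lengths_match_guarded(cases[i].n, cases[i].resplen));
    return 0;
}
```

The last two rows are the ones the compiler warning is about: without the range check, a negative or zero n compares equal to a length field it has no relation to.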
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
Posted: Mon 13 Oct '08 21:10 Post subject:
Sorry Tom, that was 0.9.8i
That is what confused me in the first place, in my file, 1780 has no comparison, 1781 however is the line you've shown. Somehow I got an extra line in there since looking at an original straight out of the tarball you are correct and that is the line it was whining about.
Will replace what I have with a fresh copy and add the (unsigned) to that line. I didn't like changing the declarations but I'm still extremely weak on c++.
Apache (2.2.10) would not compile with it either so hopefully your fix will help me there.
I've been looking for anything concerning SNI on the web and cannot find anything substantial. I've searched the OpenSSL user and dev list looking to see if anyone hit this same snag with no luck which forced me to think of something ... not a perfect solution obviously.
Gregg