Opened 3 years ago

Closed 3 years ago

#19406 closed defect (fixed)

OpenSSL 1.1.0pre5 breaks with maint-0.2.8

Reported by: nickm Owned by: yawning
Priority: High Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: TorCoreTeam201606 must-fix-before-028-rc
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:

Child Tickets

Change History (11)

comment:1 Changed 3 years ago by nickm

Owner: set to yawning
Status: newassigned

Yawning volunteered!

comment:2 Changed 3 years ago by nickm

Keywords: must-fix-before-028-rc added

comment:3 Changed 3 years ago by yawning

https://git.schwanenlied.me/yawning/tor/src/bug19406 (against maint-028)

This will never build cleanly against 1.1.0pre5 wiht -Werror (master is also broken):

In file included from /opt/openssl-1.1.0-pre5/include/openssl/x509.h:363:0,
                 from /opt/openssl-1.1.0-pre5/include/openssl/pem.h:65,
                 from ../src/tools/tor-gencert.c:17:
/opt/openssl-1.1.0-pre5/include/openssl/x509_vfy.h:379:6: warning: redundant redeclaration of ‘X509_STORE_CTX_set_verify_cb’ [-Wredundant-decls]
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/opt/openssl-1.1.0-pre5/include/openssl/x509_vfy.h:312:6: note: previous declaration of ‘X509_STORE_CTX_set_verify_cb’ was here

The thread API has changed again since 1.1.0pre5 was released too. Since it's in cleanup code, I'm opting to go with master (aka 1.1.0pre6-dev) behavior.

comment:4 in reply to:  3 ; Changed 3 years ago by cypherpunks

Replying to yawning:

https://git.schwanenlied.me/yawning/tor/src/bug19406 (against maint-028)

This will never build cleanly against 1.1.0pre5 wiht -Werror (master is also broken):

In file included from /opt/openssl-1.1.0-pre5/include/openssl/x509.h:363:0,
                 from /opt/openssl-1.1.0-pre5/include/openssl/pem.h:65,
                 from ../src/tools/tor-gencert.c:17:
/opt/openssl-1.1.0-pre5/include/openssl/x509_vfy.h:379:6: warning: redundant redeclaration of ‘X509_STORE_CTX_set_verify_cb’ [-Wredundant-decls]
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/opt/openssl-1.1.0-pre5/include/openssl/x509_vfy.h:312:6: note: previous declaration of ‘X509_STORE_CTX_set_verify_cb’ was here

This is similar to the duplicate declaration of SSL_get_selected_srtp_profile which was fixed in OpenSSL commit 3609b02305c3678525930ff9bacb566c0122ea2a. tortls.c uses a #pragma dance (which has been replaced by a single preprocessor macro in master) to ignore this type of error and it seems tor-gencert.c now also needs it.

comment:5 in reply to:  4 Changed 3 years ago by yawning

Replying to cypherpunks:

This is similar to the duplicate declaration of SSL_get_selected_srtp_profile which was fixed in OpenSSL commit 3609b02305c3678525930ff9bacb566c0122ea2a. tortls.c uses a #pragma dance (which has been replaced by a single preprocessor macro in master) to ignore this type of error and it seems tor-gencert.c now also needs it.

Just to be extra clear, it's more than tor-gencert that needs to work around this, that's just the occurence I happened to paste.

comment:6 Changed 3 years ago by nickm

Resolution: fixed
Status: assignedclosed

Merged, tweaked, etc. Please reopen if there are still problems?

comment:7 Changed 3 years ago by yawning

Resolution: fixed
Status: closedreopened

There's still more redundant decls due to the x509 header. Sorry if I wasn't clear on that. It's indirectly included from a lot of things, which makes it sort of verbose to fix on the maint-028 branch :/

comment:8 Changed 3 years ago by nickm

Hm. Those warnings don't appear on the jenkins builders. :/

comment:9 Changed 3 years ago by nickm

d6b01211b94d0f has a fix for the remaining ones; 227d3b3d6b0955fe4f0 makes it right on master, I think.

comment:10 Changed 3 years ago by nickm

(please reopen if I didn't get everything.)

comment:11 Changed 3 years ago by nickm

Resolution: fixed
Status: reopenedclosed
Note: See TracTickets for help on using tickets.