We tried building h2o with OpenSSL v1.1.1-dev on FreeBSD v11 (clang v3.8.0) in order to enable TLSv1.3 with our secp384r1 ECDSA certificate. I noticed #1211 mentioned a fix, but h2o built with picotls and the bundled libressl is unable to load our private certificate, saying we need openssl >= 1.1.0.
We can build h2o with OpenSSL v1.1.1-dev on FreeBSD v11 if picotls is disabled, but clients never seem to use TLSv1.3.
When I build h2o with openssl v1.1.1 with picotls enabled, the build fails. Here are the build steps:
Build OpenSSL v1.1.1-dev
```
cd /tmp
git clone https://github.com/openssl/openssl
cd /tmp/openssl
./config
make
cp /tmp/openssl/libssl.so.1.1 /usr/local/lib/
cp /tmp/openssl/libcrypto.so.1.1 /usr/local/lib/
```
Build h2o
```
cd /tmp
git clone https://github.com/h2o/h2o
cd h2o
OPENSSL_ROOT_DIR=/tmp/openssl cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DCMAKE_CXX_FLAGS="-Wall -ggdb3 -O2 -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -std=c++0x -fvisibility=hidden" -DCMAKE_C_FLAGS="-Wall -ggdb3 -O2 -fstack-protector-all -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fvisibility=hidden" -DWITH_BUNDLED_SSL=off -DWITH_PICOTLS=on -DWITH_MRUBY=on .
make
make install
```
The following is where the build fails. The "evp_cipher_ctx_st definition" error looks like a common problem with the openssl 1.1.x branch, as one cannot instantiate these structures directly on the stack anymore.
```
[ 56%] Building C object CMakeFiles/h2o.dir/deps/picotls/deps/cifra/src/hmac.c.o
[ 56%] Building C object CMakeFiles/h2o.dir/deps/picotls/deps/cifra/src/gcm.c.o
[ 58%] Building C object CMakeFiles/h2o.dir/deps/picotls/deps/cifra/src/gf128.c.o
[ 58%] Building C object CMakeFiles/h2o.dir/deps/picotls/deps/cifra/src/modes.c.o
[ 58%] Building C object CMakeFiles/h2o.dir/deps/picotls/deps/cifra/src/sha256.c.o
[ 58%] Building C object CMakeFiles/h2o.dir/deps/picotls/lib/picotls.c.o
[ 60%] Building C object CMakeFiles/h2o.dir/deps/picotls/lib/cifra.c.o
[ 60%] Building C object CMakeFiles/h2o.dir/deps/picotls/lib/uecc.c.o
[ 60%] Building C object CMakeFiles/h2o.dir/deps/picotls/lib/openssl.c.o
/tmp/h2o/deps/picotls/lib/openssl.c:811:20: error: variable has incomplete type 'EVP_CIPHER_CTX' (aka 'struct evp_cipher_ctx_st')
EVP_CIPHER_CTX cctx;
^
/tmp/openssl/include/openssl/ossl_typ.h:90:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
^
/tmp/h2o/deps/picotls/lib/openssl.c:812:14: error: variable has incomplete type 'HMAC_CTX' (aka 'struct hmac_ctx_st')
HMAC_CTX hctx;
^
/tmp/openssl/include/openssl/ossl_typ.h:102:16: note: forward declaration of 'struct hmac_ctx_st'
typedef struct hmac_ctx_st HMAC_CTX;
^
/tmp/h2o/deps/picotls/lib/openssl.c:817:5: warning: implicit declaration of function 'HMAC_CTX_init' is invalid in C99 [-Wimplicit-function-declaration]
HMAC_CTX_init(&hctx);
^
/tmp/h2o/deps/picotls/lib/openssl.c:856:5: warning: implicit declaration of function 'HMAC_cleanup' is invalid in C99 [-Wimplicit-function-declaration]
HMAC_cleanup(&hctx);
^
/tmp/h2o/deps/picotls/lib/openssl.c:863:20: error: variable has incomplete type 'EVP_CIPHER_CTX' (aka 'struct evp_cipher_ctx_st')
EVP_CIPHER_CTX cctx;
^
/tmp/openssl/include/openssl/ossl_typ.h:90:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
^
/tmp/h2o/deps/picotls/lib/openssl.c:864:14: error: variable has incomplete type 'HMAC_CTX' (aka 'struct hmac_ctx_st')
HMAC_CTX hctx;
^
/tmp/openssl/include/openssl/ossl_typ.h:102:16: note: forward declaration of 'struct hmac_ctx_st'
typedef struct hmac_ctx_st HMAC_CTX;
^
2 warnings and 4 errors generated.
*** Error code 1
Stop.
make[2]: stopped in /tmp/h2o
*** Error code 1
Stop.
make[1]: stopped in /tmp/h2o
*** Error code 1
Stop.
make: stopped in /tmp/h2o
```
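The errors in this report all come from two idioms: declaring `EVP_CIPHER_CTX` or `HMAC_CTX` by value, and calling helpers meant for caller-allocated contexts. The script below is an added example, not part of the original issue and not h2o or picotls code; it scans C sources for both idioms before a build against OpenSSL 1.1.x is attempted. The function name `scan_openssl11` and the sample C file are constructed for illustration, and the scan also matches `HMAC_CTX_cleanup`, which does not appear in the log above but was removed from OpenSSL in 1.1.0 as well.

```shell
#!/bin/sh
# scan_openssl11 FILE... : print "file:line: reason" for each pre-1.1.0 idiom
# found; exit status is 1 when at least one hit was reported, 0 otherwise.
scan_openssl11() {
    awk '
    # Opaque since 1.1.0: a by-value declaration (no "*") has incomplete type.
    /^[ \t]*(EVP_CIPHER_CTX|HMAC_CTX)[ \t]+[A-Za-z_][A-Za-z0-9_]*[ \t]*;/ {
        printf "%s:%d: %s declared by value; use %s_new()/%s_free()\n", FILENAME, FNR, $1, $1, $1
        hits++; next
    }
    # Helpers that only existed for caller-allocated HMAC contexts.
    /(HMAC_CTX_init|HMAC_CTX_cleanup|HMAC_cleanup)[ \t]*\(/ {
        printf "%s:%d: removed helper; use HMAC_CTX_new()/HMAC_CTX_free()\n", FILENAME, FNR
        hits++
    }
    END { exit (hits > 0) }
    ' "$@"
}

# Constructed sample (not the picotls source): one function in the style the
# compiler rejected above, one using heap-allocated contexts.
sample=$(mktemp /tmp/ossl11scan.XXXXXX)
cat > "$sample" <<'EOF'
static int old_style(void) {
    EVP_CIPHER_CTX cctx;
    HMAC_CTX hctx;
    HMAC_CTX_init(&hctx);
    HMAC_cleanup(&hctx);
    return 0;
}
static int new_style(void) {
    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
    HMAC_CTX *hctx = HMAC_CTX_new();
    HMAC_CTX_free(hctx);
    EVP_CIPHER_CTX_free(cctx);
    return 0;
}
EOF
scan_openssl11 "$sample" || echo "pre-1.1.0 OpenSSL idioms found"
```

The patterns only match simple one-variable declarations, so struct members or multi-variable declarations of these types need a manual look.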