How to install Nginx from source and avoid the OpenSSL Bug?

jason_sam · June 4, 2014, 3:25pm

Hi,
I am new to nginx and linux.
I tried to install nginx form source (nginx+rtmp module) following many
tutos on my Debian

And all gives me the same error:

./configure --add-module=…/nginx-rtmp-module-master

make -f objs/Makefile make[1]: entrant dans le répertoire «
/root/nginx/nginx-1.4.3 » cc -c -pipe -O -W -Wall -Wpointer-arith
-Wno-unused-parameter -Werror -g -I/root/nginx/nginx-rtmp-module/ -I
src/core -I src/event -I src/event/modules -I src/os/unix -I objs \ -o
objs/src/event/ngx_event_openssl.o \ src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.c: In function ngx_ssl_create:
src/event/ngx_event_openssl.c:189:5: error:
âSSL_OP_MSIE_SSLV2_RSA_PADDINGâ
undeclared (first use in this function)
src/event/ngx_event_openssl.c:189:5:
note: each undeclared identifier is reported only once for each function
it
appears in make[1]: * [objs/src/event/ngx_event_openssl.o] Erreur 1
make[1]:
quittant le répertoire « /root/nginx/nginx-1.4.3 » make: * [build]
Erreur 2

It seems error comes from :
Planned removal of SSL_OP_MSIE_SSLV2_RSA_PADDING breaks dependent
software
if you are using OpenSSL 1.0.2 or higher.

Any idea on how do I fix that ?

Thanks

Posted at Nginx Forum:

yarek · June 4, 2014, 3:33pm

Hi,

How to install Nginx from source and avoid the OpenSSL Bug ?

What openssl bug are you talking about? Debian contains all
important fixes afaik.

It seems error comes from :
Planned removal of SSL_OP_MSIE_SSLV2_RSA_PADDING breaks dependent software
if you are using OpenSSL 1.0.2 or higher.

Any idea on how do I fix that ?

It was already fixed 9 months ago:
http://hg.nginx.org/nginx/rev/a73678f5f96f

Use a recent nginx tarball.

Regards,

Lukas

yarek · June 4, 2014, 3:52pm

On Wed, Jun 4, 2014 at 3:33 PM, Lukas T. [email protected]
wrote:

How to install Nginx from source and avoid the OpenSSL Bug ?

What openssl bug are you talking about? Debian contains all
important fixes afaik.

I think 'yarek’

tries to build nginx with a 3rd-party program.
I’d suggest to use either the latest stable (v1.6.0) or mainline
(v1.7.1)
source.
v1.4.3 is pretty old now and is deprecated.

Btw, nginx links the OpenSSL library dynamically, so the bug has never
lied
inside nginx.
It depends on the version of OpenSSL which has been used to compile
nginx
(since using a version other than the one used for compilation at run
time
might fail/introduce problems).

It seems error comes from :

’yarek’ you could have compared the error message triggered by the
source
you were using with the current ngx_event_openssl.c source file
http://trac.nginx.org/nginx/browser/nginx/src/event/ngx_event_openssl.c.
You would have seen that the deprecation of the constant you triggered
is
handled, by a check for its existence. Lukas has been kind enough to
provide you with the exact commit introducing this change.

To sump up:

use recent/supported source http://nginx.org/en/download.html
use an unaffected version of OpenSSL
https://www.openssl.org/news/secadv_20140407.txt when compiling your
nginx binary. All major distro (including Debian) have fixed their
repositories with corrected versions for a long time now

B. R.

yarek · June 4, 2014, 4:53pm

Hi,

How to install Nginx from source and avoid the OpenSSL Bug ?

What openssl bug are you talking about? Debian contains all
important fixes afaik.

I think 'yarek’ tries to build nginx with a 3rd-party program.

Just installing libssl-dev from the debian repository would have
been enough then.

Also using:
aptitude build-dep nginx

is a more convenient way to install all source dependencies.

Building openssl on his own without understanding system paths
is dangerous and will probably break his system.

Lukas