2023-09-01 20:31 +0400 daf82023-09-01 20:31 +0400 daf8f5ba23d8 Sergey Kandaurov <firstname.lastname@example.org> QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level.
As explained in BoringSSL change, levels were introduced in the original QUIC API to draw a line between when keys are released and when are active. In the new QUIC API they are released in separate calls when it's needed. BoringSSL has then a consideration to remove levels API, hence the change.
If not available e.g. from a QUIC packet header, levels can be taken based on keys availability. The only real use of levels is to prevent using app keys before they are active in QuicTLS that provides the old BoringSSL QUIC API, it is replaced with an equivalent check of c->ssl->handshaked.
This change also removes OpenSSL compat shims since they are no longer used. The only exception left is caching write level from the keylog callback in the internal field which is a handy equivalent of checking keys availability.
 https://boringssl.googlesource.com/boringssl/+/1e859054show more ...
2023-09-06 02:58 +0100 63802023-09-06 02:58 +0100 6380c3e7e6a5 Andrew Clayton <email@example.com> Fix build on musl libc with clang.
As reported by @andypost on GitHub, if you try to build Unit on a system that uses musl libc (such as Alpine Linux) with clang then you get the following
clang -c -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter -Wwrite-strings -fstrict-aliasing -Wstrict-overflow=5 -Wmissing-prototypes -Werror -g -I src -I build/include \ \ \ -o build/src/nxt_socketpair.o \ -MMD -MF build/src/nxt_socketpair.dep -MT build/src/nxt_socketpair.o \ src/nxt_socketpair.c In file included from src/nxt_socketpair.c:8: src/nxt_socket_msg.h:138:17: error: comparison of integers of different signs: 'unsigned long' and 'long' [-Werror,-Wsign-compare] cmsg = CMSG_NXTHDR(&msg, cmsg)) ^~~~~~~~~~~~~~~~~~~~~~~ /usr/include/sys/socket.h:358:44: note: expanded from macro 'CMSG_NXTHDR' __CMSG_LEN(cmsg) + sizeof(struct cmsghdr) >= __MHDR_END(mhdr) - (unsigned char *)(cmsg) \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from src/nxt_socketpair.c:8: src/nxt_socket_msg.h:177:17: error: comparison of integers of different signs: 'unsigned long' and 'long' [-Werror,-Wsign-compare] cmsg = CMSG_NXTHDR(&msg, cmsg)) ^~~~~~~~~~~~~~~~~~~~~~~ /usr/include/sys/socket.h:358:44: note: expanded from macro 'CMSG_NXTHDR' __CMSG_LEN(cmsg) + sizeof(struct cmsghdr) >= __MHDR_END(mhdr) - (unsigned char *)(cmsg) \ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 errors generated. make: *** [build/Makefile:261: build/src/nxt_socketpair.o] Error 1
GCC works fine, it seems to have some smarts so that it doesn't give warnings on system header files.
This seems to be a long standing issue with musl libc (bad casting in the CMSG_NXTHDR macro) and the workaround employed by several projects is to disable the -Wsign-compare clang warning for the code in question.
So, that's what we do. We wrap the CMSG_NXTHDR macro in a function, so we can use the pre-processor in it to selectively disable the warning.
Link: <https://github.com/dotnet/runtime/issues/16438> Link: <https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-devtools/breakpad/breakpad/0001-Turn-off-sign-compare-for-musl-libc.patch> Link: <https://github.com/dotnet/corefx/blob/57ff88bb75a0/src/Native/Unix/System.Native/pal_networking.c#L811-L829> Link: <https://firstname.lastname@example.org/> Closes: <https://github.com/nginx/unit/issues/936> Signed-off-by: Andrew Clayton <email@example.com>show more ...