weixin_39548733
2020-12-28 08:02 阅读 14

Implicit declaration of function 'X509_check_host' on some systems.

This is the error I got when trying to compile the code on Ubuntu:


libs/signet-resolver/ssl.c: In function '_do_x509_hostname_check':
libs/signet-resolver/ssl.c:361:5: error: implicit declaration of function 'X509_check_host' [-Werror=implicit-function-declaration]
     return (X509_check_host(cert, (unsigned char *)domain, strlen(domain), 0, NULL));

The version of Ubuntu I am using is 14.10 which is no longer supported so that may have something to do with it. The version of OpenSSL that it has is 1.0.1f. I'll need to check later versions of Ubuntu to see if it still has the same problem.

该提问来源于开源项目:lavabit/libdime

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

8条回答 默认 最新

  • weixin_39929153 weixin_39929153 2020-12-28 08:02

    It seems that X509_check_host was added in openssl version 1.0.2.

    点赞 评论 复制链接分享
  • weixin_39548733 weixin_39548733 2020-12-28 08:02

    The only release of Ubuntu to have >= 1.0.2 is the one currently in development. The same goes for Fedora.

    点赞 评论 复制链接分享
  • weixin_39548733 weixin_39548733 2020-12-28 08:02

    I've just gone through some of the documentation and am getting ready to issue a pull request for some of the updates that I have done. Currently openssl is listed as a bundled dependency, but based upon this bug that seems to no longer be the case. Does the project now expect the system to provide it, or will it be bundled again?

    点赞 评论 复制链接分享
  • weixin_39929153 weixin_39929153 2020-12-28 08:02

    Yes, as of right now the project expects the system to provide openssl.

    点赞 评论 复制链接分享
  • weixin_39738273 weixin_39738273 2020-12-28 08:02

    I originally posted a note on this to slack, without realizing it should have been here:

    1.0.2 is waaaay to new for production use. I say it all the time: when it comes to security, speed kills. That is why shw backported the check host function from 1.0.2 to the better tested and slightly more reliable 1.0.1 branch. It wasn't an issue when we were bundling OpenSSL (which was also done because the bundled version didn't support all of the necessary ciphers). If were going to support bundled+system we'll need to move that function out of OpenSSL and into the provider layer.

    点赞 评论 复制链接分享
  • weixin_39769740 weixin_39769740 2020-12-28 08:02

    If this is a requirement to compile, could you at least update configure.ac https://github.com/lavabit/libdime/blob/develop/configure.ac#L11

    点赞 评论 复制链接分享
  • weixin_39738273 weixin_39738273 2020-12-28 08:02

    Done. Updated to 1.0.1.

    点赞 评论 复制链接分享
  • weixin_39738273 weixin_39738273 2020-12-28 08:02

    P.S. I'm about to start auditing libdime and integrating it with the magma project, so expect changes.

    点赞 评论 复制链接分享

相关推荐