Beta Branch downgrade back to nginx lua module 0.9.20

downgrade back to nginx lua module 0.9.20

0.10.0 has an error during nginx compilation

---

Code:

ccache /usr/bin/clang -ferror-limit=0 -c -I/usr/local/include/luajit-2.1  -pipe  -O -Wall -Wextra -Wpointer-arith -Wconditional-uninitialized -Wno-unused-parameter -Werror -g -m64 -mtune=native -mfpmath=sse -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare -Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter -Wno-unused-const-variable -Wno-conditional-uninitialized -Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized -Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion  -DNDK_SET_VAR -DNDK_UPSTREAM_LIST -DNDK_SET_VAR  -I src/core -I src/event -I src/event/modules -I src/os/unix -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/chromium/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/google-sparsehash/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/google-sparsehash/gen/arch/linux/x64/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/protobuf/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/re2/src -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/out/Release/obj/gen -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/out/Release/obj/gen/protoc_out/instaweb -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/apr/src/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/aprutil/src/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/apr/gen/arch/linux/x64/include -I ../ngx_pagespeed-release-1.9.32.11-beta/psol/include/third_party/aprutil/gen/arch/linux/x64/include -I ../ngx_devel_kit-0.2.19/objs -I objs/addon/ndk -I /usr/local/include/luajit-2.1 -I ../lua-nginx-module-0.10.0/src/api -I ../nginx_upstream_check_module-0.3.0 -I ../pcre-8.38 -I ../libressl-2.2.5/.openssl/include -I objs -I src/http -I src/http/modules -I src/http/v2 -I ../ngx_devel_kit-0.2.19/src -I src/mail -I src/stream \
                -o objs/addon/src/ngx_http_lua_module.o \
                ../lua-nginx-module-0.10.0/src/ngx_http_lua_module.c
../lua-nginx-module-0.10.0/src/ngx_http_lua_module.c:897:9: error: implicit declaration of function 'SSL_CTX_set_cert_cb' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        SSL_CTX_set_cert_cb(sscf->ssl.ctx, ngx_http_lua_ssl_cert_handler, NULL);
        ^
1 error generated.
make[1]: *** [objs/addon/src/ngx_http_lua_module.o] Error 1
make[1]: Leaving directory `/svr-setup/nginx-1.9.9'
make: *** [install] Error 2

Continue reading...

123.09beta01 branch

• Branch: https://github.com/centminmod/centminmod/tree/123.09beta01
• Commit History: https://github.com/centminmod/centminmod/commits/123.09beta01

 

seems related to a few changes openresty did to the nginx core via patches for their nginx lua module 0.10.0 new features Google Groups & feature: applied the ssl_cert_cb_yield patch to the NGINX core to all… · openresty/ngx_openresty@c0c2f88 · GitHub and actual patch ngx_openresty/nginx-1.9.7-ssl_cert_cb_yield.patch at master · openresty/ngx_openresty · GitHub

Looks like LibreSSL doesn't support SSL_CTX_set_cert_cb like OpenSSL 1.0.2+. OpenSSL i can find references to it https://github.com/openssl/openssl/search?utf8=✓&q=SSL_CTX_set_cert_cb but no reference in LibreSSL code https://github.com/libressl-portable/portable/search?utf8=✓&q=SSL_CTX_set_cert_cb

 

downgraded nginx lua module back from 0.10.0 to 0.9.20

 

If you really need to use the newer features in OpenResty's Nginx Lua 0.10.0 version, you can use centmin mod persistent config file to override the centmin.sh variables to switch back from LibreSSL to OpenSSL integration into Nginx and to set the Nginx lua version variable to 0.10.0

Create or append to your persistent config at /etc/centminmod/custom_config.inc the following variable settings

Code:

LIBRESSL_SWITCH='n'
ORESTY_LUANGINXVER='0.10.0'

Then run centmin.sh menu option 4 to recompile nginx

However, not clear if i need to patch nginx core too ngx_openresty/nginx-1.9.7-ssl_cert_cb_yield.patch at master · openresty/ngx_openresty · GitHub so more testing needed if using lua-nginx-module 0.10.0

patch does apply cleanly on nginx 1.9.9 though

Code:

cd /svr-setup/nginx-1.9.9
wget https://github.com/openresty/ngx_openresty/raw/master/patches/nginx-1.9.7-ssl_cert_cb_yield.patch
patch -p1 < nginx-1.9.7-ssl_cert_cb_yield.patch
patching file src/event/ngx_event_openssl.c

Then of course, need to re-run centmin.sh menu option 4 to recompile nginx

 

Possibility of this patch being added to nginx mainline core as agentzh posted it in Nginx development forums at [PATCH] SSL: handled SSL_CTX_set_cert_cb() callback yielding.

 

123.09beta01 is still in testing see my replies at Timeline / Roadmap | Centmin Mod Community

FYI 123.09beta01 branch specifically doesn't contain letsencrypt integration as that is being done in a separate branch altogether right now.

 

Depends on maturity of official letsencrypt client, it recently changed it's name to certbot and changed alot of code and the 2nd bash based client i added le.sh also changed it's name to acme.sh so many changes to test and re-test. Rushing things could break future compatibility and operation as these clients' code continue to evolve and change