pingora icon indicating copy to clipboard operation
pingora copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

Build fails with boringssl feature due to X509VerifyResult incompatibility

Open samurai00 opened this issue 11 months ago • 0 comments

Description

When the the feature boringssl is enabled, the project cannot be built successfully.

Pingora info

Please include the following information about your environment:

Pingora version: version 0.1.0 / commit 8797329 Rust version: rustc 1.76.0 (07dca489a 2024-02-04) Operating system version: macOS Sonoma 14.3.1 (23D60)

Steps to reproduce

  1. Enable the "boringssl" feature in Cargo.toml
  2. Build the project, run cargo build or cargo run

Expected results

Build successfully.

Observed results

Build failed with output:

   Compiling pingora-core v0.1.0
error[E0599]: no method named `as_raw` found for enum `std::result::Result` in the current scope
    --> /Users/afon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/pingora-core-0.1.0/src/protocols/ssl/client.rs:46:75
     |
46   |                 ssl::ErrorCode::SSL => match stream.ssl().verify_result().as_raw() {
     |                                                                           ^^^^^^
     |
note: the method `as_raw` exists on the type `X509VerifyError`
    --> /Users/afon/.cargo/registry/src/index.crates.io-6f17d22bba15001f/boring-4.5.0/src/x509/mod.rs:1421:5
     |
1421 |     pub fn as_raw(&self) -> c_int {
     |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
help: use the `?` operator to extract the `X509VerifyError` value, propagating a `Result::Err` value to the caller
     |
46   |                 ssl::ErrorCode::SSL => match stream.ssl().verify_result()?.as_raw() {
     |                                                                          +
help: there is a method with a similar name
     |
46   |                 ssl::ErrorCode::SSL => match stream.ssl().verify_result().as_ref() {
     |                                                                           ~~~~~~

For more information about this error, try `rustc --explain E0599`.
error: could not compile `pingora-core` (lib) due to 1 previous error

Additional context

The struct X509VerifyResult in openssl and boringssl is not same.

In openssl:

pub struct X509VerifyResult(c_int);

But in boringssl:

pub type X509VerifyResult = Result<(), X509VerifyError>;

pub struct X509VerifyError(c_int);

Maybe the pingora-core-0.1.0/src/protocols/ssl/client.rs:46 could be edited like this:

#[cfg(not(feature = "boringssl"))]
 match stream.ssl().verify_result().as_raw() {
    // X509_V_ERR_INVALID_CALL in case verify result was never set
    X509_V_OK | X509_V_ERR_INVALID_CALL => {
        Error::e_explain(TLSHandshakeFailure, context)
    }
    _ => Error::e_explain(InvalidCert, context),
}

#[cfg(feature = "boringssl")]
match stream.ssl().verify_result() {
    Ok(()) => Error::e_explain(TLSHandshakeFailure, context),
    Err(e) => {
        match e.as_raw() {
            // X509_V_ERR_INVALID_CALL in case verify result was never set
            X509_V_OK | X509_V_ERR_INVALID_CALL => {
                Error::e_explain(TLSHandshakeFailure, context)
            }
            _ => Error::e_explain(InvalidCert, context),
        }
    }
}

samurai00 avatar Feb 29 '24 09:02 samurai00