67860 – mod_tls: Fails to build with rustls_ffi 0.11.0

Bug 67860 - mod_tls: Fails to build with rustls_ffi 0.11.0

Summary: mod_tls: Fails to build with rustls_ffi 0.11.0

Status:	RESOLVED FIXED

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	Other Modules (show other bugs)
Version:	2.5-HEAD
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-10-21 14:39 UTC by Bernard Spil
Modified:	2024-04-22 14:46 UTC (History)
CC List:	2 users (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernard Spil 2023-10-21 14:39:10 UTC

Comment 1 Bernard Spil 2023-10-21 14:42:29 UTC

There's been some juggling of names between rustls_ffi 0.10.0 and 0.11.0, the mod_tls module fails to build

```
./tls_cert.h:196:11: error: unknown type name 'rustls_client_cert_verifier'
    const rustls_client_cert_verifier **pverifier);
          ^
./tls_cert.h:209:11: error: unknown type name 'rustls_client_cert_verifier_optional'
    const rustls_client_cert_verifier_optional **pverifier);
          ^
tls_cert.c:452:11: error: unknown type name 'rustls_client_cert_verifier'
    const rustls_client_cert_verifier *client_verifier;
          ^                                                                                                                                                                                                     tls_cert.c:453:11: error: unknown type name 'rustls_client_cert_verifier_optional'
    const rustls_client_cert_verifier_optional *client_verifier_opt;
          ^
tls_cert.c:461:9: warning: implicit declaration of function 'rustls_client_cert_verifier_free' is invalid in C99 [-Wimplicit-function-declaration]                                                                      rustls_client_cert_verifier_free(entry->client_verifier);
        ^
tls_cert.c:465:9: warning: implicit declaration of function 'rustls_client_cert_verifier_optional_free' is invalid in C99 [-Wimplicit-function-declaration]                                                             rustls_client_cert_verifier_optional_free(entry->client_verifier_opt);
        ^
tls_cert.c:517:11: error: unknown type name 'rustls_client_cert_verifier'
    const rustls_client_cert_verifier **pverifier)                                                                                                                                                                        ^                                                                                                                                                                                                     tls_cert.c:527:34: warning: implicit declaration of function 'rustls_client_cert_verifier_new' is invalid in C99 [-Wimplicit-function-declaration]
        entry->client_verifier = rustls_client_cert_verifier_new(store);
                                 ^
tls_cert.c:543:11: error: unknown type name 'rustls_client_cert_verifier_optional'
    const rustls_client_cert_verifier_optional **pverifier)
          ^
tls_cert.c:553:38: warning: implicit declaration of function 'rustls_client_cert_verifier_optional_new' is invalid in C99 [-Wimplicit-function-declaration]                                                             entry->client_verifier_opt = rustls_client_cert_verifier_optional_new(store);                                                                                                                                                                ^                                                                                                                                                                          4 warnings and 6 errors generated.
```

From the https://github.com/rustls/rustls-ffi/blob/main/CHANGELOG.md 


    rustls_client_cert_verifier became rustls_allow_any_authenticated_client_verifier and must be constructed from a rustls_allow_any_authenticated_client_builder.
    rustls_client_cert_verifier_optional became rustls_allow_any_anonymous_or_authenticated_client_verifier and must be constructed from a rustls_allow_any_anonymous_or_authenticated_client_builder.

Comment 2 Stefan Eissing 2023-10-21 16:04:58 UTC

Have they broken the API again?

Comment 3 Bernard Spil 2023-10-21 16:50:54 UTC

Looks like it.

Builds OK with rustls_ffi 0.10.0.

Comment 4 Stefan Eissing 2023-10-23 09:04:19 UTC

I think we skip v0.11.0 and see what new name changes v0.12.0 brings.

Comment 5 Daniel 2024-04-03 19:11:36 UTC

@Stefan - would a contribution to update to 0.13.0 be helpful? It may take me a little bit of time & some support.

Comment 6 Daniel 2024-04-16 13:44:05 UTC

I heard from Stefan out-of-band and he agreed to help support an update. I will try to start working on this Soon(TM).

Comment 7 Daniel 2024-04-21 20:35:08 UTC

I've put up an initial PR updating to rustls-ffi 0.13: https://github.com/apache/httpd/pull/439

Comment 8 Daniel 2024-04-22 14:12:20 UTC

I think this bug can be closed. Support is in-tree: https://svn.apache.org/viewvc?view=revision&revision=1917270

Comment 9 Bernard Spil 2024-04-22 14:46:23 UTC

Thanks!

Now I can try getting the mod_tls port on FreeBSD