x86_64-pc-linux-gnu-g++ '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"' '-DNODE_WANT_INTERNALS=1' '-DV8_DEPRECATION_WARNINGS=1' '-DNODE_USE_V8_PLATFORM=1' '-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_INSPECTOR=1' '-DHAVE_OPENSSL=1' '-D__POSIX__' -I../src -I../tools/msvs/genfiles -I../deps/uv/src/ares -I/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj/gen -I../deps/v8_inspector/include -I/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj/gen/include -I../deps/v8/include -I../deps/cares/include -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++0x -march=corei7-avx -O2 -pipe -c -o /var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj.target/node/src/node_buffer.o ../src/node_buffer.cc In file included from ../src/node.cc:16:0: ../src/node_crypto.h:95:54: error: invalid application of 'sizeof' to incomplete type 'SSL_CTX {aka ssl_ctx_st}' static const int64_t kExternalSize = sizeof(SSL_CTX); ^ ../src/node_crypto.h:213:17: error: invalid application of 'sizeof' to incomplete type 'SSL {aka ssl_st}' sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024; ^ ../src/node_crypto.h:213:28: error: 'SSL3_STATE' was not declared in this scope sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024; ^~~~~~~~~~ ../src/node_crypto.h:465:18: error: field 'ctx_' has incomplete type 'EVP_CIPHER_CTX {aka evp_cipher_ctx_st}' EVP_CIPHER_CTX ctx_; /* coverity[member_decl] */ ^~~~ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:90:16: note: forward declaration of 'EVP_CIPHER_CTX {aka struct evp_cipher_ctx_st}' typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; ^~~~~~~~~~~~~~~~~ In file included from ../src/node.cc:16:0: ../src/node_crypto.h: In destructor 'virtual node::crypto::CipherBase::~CipherBase()': ../src/node_crypto.h:415:33: error: 'EVP_CIPHER_CTX_cleanup' was not declared in this scope EVP_CIPHER_CTX_cleanup(&ctx_); ^ ../src/node_crypto.h: At global scope: ../src/node_crypto.h:500:12: error: field 'ctx_' has incomplete type 'HMAC_CTX {aka hmac_ctx_st}' HMAC_CTX ctx_; /* coverity[member_decl] */ ^~~~ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:102:16: note: forward declaration of 'HMAC_CTX {aka struct hmac_ctx_st}' typedef struct hmac_ctx_st HMAC_CTX; ^~~~~~~~~~~ In file included from ../src/node.cc:16:0: ../src/node_crypto.h: In destructor 'virtual node::crypto::Hmac::~Hmac()': ../src/node_crypto.h:478:27: error: 'HMAC_CTX_cleanup' was not declared in this scope HMAC_CTX_cleanup(&ctx_); ^ ../src/node_crypto.h: At global scope: ../src/node_crypto.h:529:14: error: field 'mdctx_' has incomplete type 'EVP_MD_CTX {aka evp_md_ctx_st}' EVP_MD_CTX mdctx_; /* coverity[member_decl] */ ^~~~~~ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:92:16: note: forward declaration of 'EVP_MD_CTX {aka struct evp_md_ctx_st}' typedef struct evp_md_ctx_st EVP_MD_CTX; ^~~~~~~~~~~~~ In file included from ../src/node.cc:16:0: ../src/node_crypto.h: In destructor 'virtual node::crypto::Hash::~Hash()': ../src/node_crypto.h:509:31: error: 'EVP_MD_CTX_cleanup' was not declared in this scope EVP_MD_CTX_cleanup(&mdctx_); ^ ../src/node_crypto.h: At global scope: ../src/node_crypto.h:560:14: error: field 'mdctx_' has incomplete type 'EVP_MD_CTX {aka evp_md_ctx_st}' EVP_MD_CTX mdctx_; /* coverity[member_decl] */ ^~~~~~ In file included from /usr/include/openssl/crypto.h:31:0, from /usr/include/openssl/comp.h:16, from /usr/include/openssl/ssl.h:47, from ../src/node_crypto.h:20, from ../src/node.cc:16: /usr/include/openssl/ossl_typ.h:92:16: note: forward declaration of 'EVP_MD_CTX {aka struct evp_md_ctx_st}' typedef struct evp_md_ctx_st EVP_MD_CTX; ^~~~~~~~~~~~~ In file included from ../src/node.cc:16:0: ../src/node_crypto.h: In destructor 'virtual node::crypto::SignBase::~SignBase()': ../src/node_crypto.h:554:31: error: 'EVP_MD_CTX_cleanup' was not declared in this scope EVP_MD_CTX_cleanup(&mdctx_); ^ ../src/node_crypto.h: In destructor 'virtual node::crypto::DiffieHellman::~DiffieHellman()': ../src/node_crypto.h:644:17: error: 'DH_free' was not declared in this scope DH_free(dh); ^ x86_64-pc-linux-gnu-g++ '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"' '-DNODE_WANT_INTERNALS=1' '-DV8_DEPRECATION_WARNINGS=1' '-DNODE_USE_V8_PLATFORM=1' '-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_INSPECTOR=1' '-DHAVE_OPENSSL=1' '-D__POSIX__' -I../src -I../tools/msvs/genfiles -I../deps/uv/src/ares -I/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj/gen -I../deps/v8_inspector/include -I/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj/gen/include -I../deps/v8/include -I../deps/cares/include -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++0x -march=corei7-avx -O2 -pipe -c -o /var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj.target/node/src/node_config.o ../src/node_config.cc x86_64-pc-linux-gnu-g++ '-DNODE_ARCH="x64"' '-DNODE_PLATFORM="linux"' '-DNODE_WANT_INTERNALS=1' '-DV8_DEPRECATION_WARNINGS=1' '-DNODE_USE_V8_PLATFORM=1' '-DNODE_HAVE_I18N_SUPPORT=1' '-DHAVE_INSPECTOR=1' '-DHAVE_OPENSSL=1' '-D__POSIX__' -I../src -I../tools/msvs/genfiles -I../deps/uv/src/ares -I/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj/gen -I../deps/v8_inspector/include -I/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj/gen/include -I../deps/v8/include -I../deps/cares/include -pthread -Wall -Wextra -Wno-unused-parameter -m64 -O3 -fno-omit-frame-pointer -fno-rtti -fno-exceptions -std=gnu++0x -march=corei7-avx -O2 -pipe -c -o /var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj.target/node/src/node_constants.o ../src/node_constants.cc make: *** [node.target.mk:152: /var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out/Release/obj.target/node/src/node.o] Error 1 make: *** Waiting for unfinished jobs.... rm 57add9cb9d387177fdf8756ef89ed2abedd8f920.intermediate make: Leaving directory '/var/tmp/portage/net-libs/nodejs-7.3.0/work/node-v7.3.0/out' * ERROR: net-libs/nodejs-7.3.0::gentoo failed (compile phase): * emake failed
Created attachment 459110 [details] net-libs/nodejs-7.3.0:20170107-165907.log.xz
I changed the URL: from https://github.com/nodejs/node/pull/8491 as 8491 is now closed to https://github.com/nodejs/node/pull/16130
(In reply to Mark Wright from comment #2) > I changed the URL: from > https://github.com/nodejs/node/pull/8491 > as 8491 is now closed to > https://github.com/nodejs/node/pull/16130 Looking at the minutes (below) of the latest meeting from upstream I think changing the URL was a mistake, so I put it back. Upstream seem to be in no hurry to fix it, at least the PR# 8491 is a possible way forward as noted in this comment: https://github.com/nodejs/node/pull/16130#issuecomment-335811146 davidben commented 7 days ago You'll have to ask OpenSSL folks about that one. But I don't think it makes sense to wait for it before supporting it at all, maybe just before shipping it in the bundled copy. Switching to 1.1.0 is a large change with deprecation consequences. You're better off getting things in sooner rather than later so you can plan for it before 1.0.2 goes EOL. (I intentionally did not switch the bundled copy in this PR.) Moreover, folks like Linux distributions may switch before you do. They may just pick up the old PR which would be problematic as it didn't work right. ### nodejs/node * Support both OpenSSL 1.1.0 and 1.0.2 [#16130](https://github.com/nodejs/node/pull/16130) * Myles: 1.0.2 is EOL end 2019, we shortened lifecycle of Node v8 to accommodate * Myles: 1.1.0 is latest, but no LTS plan is public and no FIPS. * Myles: We need a solid OpenSSL story by the time 10.0.0 is cut because LTS and all that. * Myles: We need a crypto team or a WG to handle this. * Michael Dawson: Once 9.0.0 is cut, we should switch over to 1.1.0 in master. We know we can.t stay on 1.0.2 for 10.0.0 because it will be end of life. So straightforward path is upgrade to 1.1.0. * Myles: I volunteer to help put together a group to push this forward. Anyone else? I.m not an expert. * James: The TSC experts on crypto aren.t on this call. We should pull in Fedor and Shigeki for sure. * Myles: I.ll reach out to them. * Michael: Anyone think moving to 1.1.0 after cutting 9 is the wrong thing to do? * James: What about FIPS? * Michael: We may have no choice. If there.s no FIPS module, what can else can we do? * James: We can.t have 10.0.0 go LTS without FIPS. * Myles: Only alternative that has a FIPS module is BoringSSL. But the README is not encouraging about it. we should maybe get some industry folks involved. I.ve heard that maybe there.s a desire to not have FIPS support. * James: If that.s our route, we need to deprecate FIPS support ASAP. * Myles: We could deprecate FIPS in 9.0.0 and bring it back anytime. * James: Would rather not deprecate and bring back. We can do a docs deprecation later in 9.0.0 and a run time deprecation in 10.0.0. * Nikita: +1 to deprecating FIPS. * ACTION ITEM: Myles, James, Michael, hopefully Fedor and Shigeki, maybe others, will talk about this and bring back a proposal.
Created attachment 500618 [details, diff] nodejs-8.8.1-openssl-1.1-p1-pr16130.patch Patch 1 of 2 for net-libs/nodejs-8.1.1 to compile with dev-libs/openssl-1.1.0f, from PR# 16130.
Created attachment 500620 [details, diff] nodejs-8.8.1-openssl-1.1-p2.patch Patch 2 of 2 for net-libs/nodejs-8.1.1 to compile with dev-libs/openssl-1.1.0f, by me.
Created attachment 507810 [details, diff] nodejs-9.2.0-openssl-1.1.patch pull request 16310 is merged in nodejs 9.2.0, so this is just the remaining changes from my nodejs-8.8.1-openssl-1.1-p2.patch for nodejs 9.2.0.
Created attachment 510424 [details, diff] nodejs-9.3.0-openssl-1.1.patch
I may be missing something, but to me the `set_protocol_version()` function in your patch feels very wrong. All it seems to do is create a SSL_CTX, set its min/max protocol version, and delete it. If that was the intention, the SSL_METHOD passed as a parameter won't be affected at all by these calls.
I cannot reproduce this issue. Note that I'm using node 9.11.2 (7.x is no longer in Gentoo). USE="openssl" emerge =net-libs/nodejs-9.11.2 Succeeds. I'm using dev-libs/openssl-1.1.1 I'm confident that this issue was solved by https://bugs.gentoo.org/592438#c5
Unable to reproduce with 8.12.0 (current stable) either amd64 mostly stable env
It is 10.14.2 marked as LTS (aka "stable") by upstream ATM. All <=9 versions are EOL. And 10+ requires (?) openssl-1.1
(In reply to Vadim A. Misbakh-Soloviov (mva) from comment #11) > It is 10.14.2 marked as LTS (aka "stable") by upstream ATM. > All <=9 versions are EOL. > And 10+ requires (?) openssl-1.1 Thank you for the hint. Quick note, 10+ ebuilds might be unnecessary strict and prevents building it against openssl-1.1.1*. Somebody with a better knowledge may want to investigate and correct the RDEPEND section
The affected versions were removed from the tree a long time ago.