3

I'm trying to compile nginx with custom openssl »libressl« using this script: https://gist.github.com/Belphemur/3c022598919e6a1788fc

Everything works fine using libressl 2.1.1. Problem is that libressl 2.1.1 has some security issues, which have been resolved by newer releases.
However I can't get the build to work with libressl 2.1.2 or libressl 2.1.3 (latest version).

The issue I get:

..
cc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g  -I src/core -I src/event -I src/event/modules -I src/os/unix -I /tmp/build/pcre-8.36 -I /tmp/build/libressl-2.1.2/.openssl/include -I objs \
        -o objs/src/core/nginx.o \
        src/core/nginx.c
In file included from /usr/include/string.h:635:0,
                 from /tmp/build/libressl-2.1.2/.openssl/include/string.h:6,
                 from src/os/unix/ngx_linux_config.h:27,
                 from src/core/ngx_config.h:26,
                 from src/core/nginx.c:8:
/tmp/build/libressl-2.1.2/.openssl/include/string.h:29:8: error: expected identifier or ‘(’ before ‘__extension__’
 char * strndup(const char *str, size_t maxlen);
        ^
make[1]: *** [objs/src/core/nginx.o] Error 1
make[1]: Leaving directory `/tmp/build/nginx-1.7.9'
make: *** [build] Error 2
All done.
..

What's the problem & how to resolve it?
Thanks for helping.

jww

2 Answers

2

I'm the creator of the script you use to build Nginx with LibreSSL.

It is now corrected; the previous way to build and use libressl doesn't work with the previous version of the script (simply copying all the includes and stripping the lib).

The script now installs libressl in a set directory and gives it to nginx; this way, all the includes not needed to use the library (like this string.h) are not part of the build process of nginx.

Belphemur
1

strndup is provided in string.h. You don't need to provide it here:

/tmp/build/libressl-2.1.2/.openssl/include/string.h:29:8: error: expected identifier or ‘(’ before ‘__extension__’
char * strndup(const char *str, size_t maxlen);

I would delete the copy of string.h from the sources, and use the platform's supplied string.h for strndup.

As a matter of fact, I don't know where that string.h is coming from because it's not present on my system (and I regularly build and use the latest OpenSSL):

$ find /usr/local/ssl/ -name string.h
$ find /usr/local/ssl/ -name *.h
/usr/local/ssl/include/openssl/rc4.h
/usr/local/ssl/include/openssl/crypto.h
/usr/local/ssl/include/openssl/ts.h
/usr/local/ssl/include/openssl/ecdsa.h
/usr/local/ssl/include/openssl/opensslconf.h
...

> I'm trying to compile nginx with custom openssl »libressl« using this script: https://gist.github.com/Belphemur/3c022598919e6a1788fc

OK, this can be a pain as I've had to do similar with nginx (FIPS validated OpenSSL).

The easiest way to handle it is to build OpenSSL from sources and install it into /usr/local/ssl. Then, grep nginx's files for -lcrypto and -lssl. When you find them, replace them with the static archive of OpenSSL:

  • change -lcrypto to /usr/local/ssl/lib/libcrypto.a
  • change -lssl to /usr/local/ssl/lib/libssl.a

And drop the -L related to OpenSSL.

This will ensure you use your version of OpenSSL at compile time and run time without the need for LD_PRELOAD and DYLD_LIBRARY_PATH tricks. It will just always work.

jww
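The link-line rewrite described in the answer above, as an added example that is not part of the original answer or of nginx's build scripts. The function names, the SSL_PREFIX variable and the sample link line are constructed for illustration; the prefix defaults to the /usr/local/ssl path the answer uses.

```shell
#!/bin/sh
# Added example: pin the TLS library by linking OpenSSL from static archives.
# SSL_PREFIX is an assumed variable; its default is the answer's install prefix.
SSL_PREFIX="${SSL_PREFIX:-/usr/local/ssl}"

# Reads makefile text on stdin and writes the rewritten text on stdout.
# Tokens are matched exactly, so -lcrypt (libcrypt) is never mistaken for
# -lcrypto. The original token order is kept: static archives resolve left
# to right, so libssl.a must stay ahead of libcrypto.a.
pin_static_openssl() {
    awk -v prefix="$SSL_PREFIX" '
    index($0, "-lssl") == 0 && index($0, "-lcrypto") == 0 &&
    index($0, "-L") == 0 { print; next }    # unrelated line: pass through
    {
        indent = $0
        sub(/[^ \t].*$/, "", indent)        # keep the recipe indentation
        n = split(substr($0, length(indent) + 1), tok, /[ \t]+/)
        out = ""
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            if (t == "-lssl") t = prefix "/lib/libssl.a"
            else if (t == "-lcrypto") t = prefix "/lib/libcrypto.a"
            else if (t == ("-L" prefix "/lib")) continue           # drop -L<dir>
            else if (t == "-L" && tok[i + 1] == (prefix "/lib")) { i++; continue }
            out = (out == "" ? t : out " " t)
        }
        print indent out
    }'
}

# Exit status 0 if stdin still asks the linker to search for libssl/libcrypto.
uses_dynamic_openssl() {
    grep -Eq '(^|[[:space:]])-l(ssl|crypto)([[:space:]]|$)'
}

# Constructed sample of a link line (not copied from a real nginx makefile).
sample_link_line() {
    printf '\t-lpthread -lcrypt -L/usr/local/ssl/lib -lssl -lcrypto -lz\n'
}

sample_link_line | pin_static_openssl
```

Run it over a copy of the generated makefile and pipe the result through uses_dynamic_openssl before building; a zero exit status means a -lssl or -lcrypto token survived and the binary could still pick up the system library.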