Xfrd error when building

NSD
1

Hello,

I am beginning with NSD, and I get this error when running the make command : ‘struct xfrd_tcp_set’ has no member named ‘ssl_ctx’.
All the technical details I am thinking about are given below.

Thanks in advance for your help.

$ cat /etc/release
CentOS Linux release 7.8.2003 (Core)
Derived from Red Hat Enterprise Linux 7.8 (Source)
NAME=“CentOS Linux”
VERSION=“7 (Core)”
ID=“centos”
ID_LIKE=“rhel fedora”
VERSION_ID=“7”
PRETTY_NAME=“CentOS Linux 7 (Core)”
ANSI_COLOR=“0;31”
CPE_NAME=“cpe:/o:centos:centos:7”
HOME_URL=“https://www.centos.org/
BUG_REPORT_URL=“https://bugs.centos.org/

CENTOS_MANTISBT_PROJECT=“CentOS-7”
CENTOS_MANTISBT_PROJECT_VERSION=“7”
REDHAT_SUPPORT_PRODUCT=“centos”
REDHAT_SUPPORT_PRODUCT_VERSION=“7”

CentOS Linux release 7.8.2003 (Core)
CentOS Linux release 7.8.2003 (Core)
cpe:/o:centos:centos:7

$ yum list installed | egrep -i ‘openssl|flex|bison|libevent’
bison.x86_64 3.0.4-2.el7 @base
bison-devel.x86_64 3.0.4-2.el7 @base
flex.x86_64 2.5.37-6.el7 @base
flex-devel.x86_64 2.5.37-6.el7 @base
libevent.x86_64 2.0.21-4.el7 @base
libevent-devel.x86_64 2.0.21-4.el7 @base
libverto-libevent.x86_64 0.2.5-4.el7 @base
openssl.x86_64 1:1.0.2k-19.el7 @base
openssl-devel.x86_64 1:1.0.2k-19.el7 @base
openssl-libs.x86_64 1:1.0.2k-19.el7 @base
pyOpenSSL.x86_64 0.13.1-4.el7 @base

Thanks in advance for your help

$ make
gcc -I. -g -O2 -flto -c answer.c
gcc -I. -g -O2 -flto -c axfr.c
gcc -I. -g -O2 -flto -c buffer.c
if test “flex” != “:”; then rm -f configlexer.c ;
echo ‘#include “config.h”’ > configlexer.c ;
flex -P c_ -i -t ./configlexer.lex >> configlexer.c ;
fi
bison -y -d -p c_ -o configparser.c ./configparser.y
gcc -I. -g -O2 -flto -c configlexer.c
gcc -I. -g -O2 -flto -c configparser.c
gcc -I. -g -O2 -flto -c dname.c
bison -y -d -o zparser.c ./zparser.y
gcc -I. -g -O2 -flto -c dns.c
gcc -I. -g -O2 -flto -c edns.c
gcc -I. -g -O2 -flto -c iterated_hash.c
gcc -I. -g -O2 -flto -c lookup3.c
gcc -I. -g -O2 -flto -c namedb.c
gcc -I. -g -O2 -flto -c nsec3.c
gcc -I. -g -O2 -flto -c options.c
gcc -I. -g -O2 -flto -c packet.c
gcc -I. -g -O2 -flto -c query.c
gcc -I. -g -O2 -flto -c rbtree.c
gcc -I. -g -O2 -flto -c radtree.c
gcc -I. -g -O2 -flto -c rdata.c
gcc -I. -g -O2 -flto -c region-allocator.c
gcc -I. -g -O2 -flto -c rrl.c
gcc -I. -g -O2 -flto -c siphash.c
gcc -I. -g -O2 -flto -c tsig.c
gcc -I. -g -O2 -flto -c tsig-openssl.c
gcc -I. -g -O2 -flto -c udb.c
gcc -I. -g -O2 -flto -c udbradtree.c
gcc -I. -g -O2 -flto -c udbzone.c
gcc -I. -g -O2 -flto -c util.c
gcc -I. -g -O2 -flto -c bitset.c
gcc -I. -g -O2 -flto -c popen3.c
gcc -I. -g -O2 -flto -c xfrd-disk.c
gcc -I. -g -O2 -flto -c xfrd-notify.c
gcc -I. -g -O2 -flto -c xfrd-tcp.c
gcc -I. -g -O2 -flto -c xfrd.c
xfrd.c: In function ‘xfrd_shutdown’:
xfrd.c:405:19: error: ‘struct xfrd_tcp_set’ has no member named ‘ssl_ctx’
if (xfrd->tcp_set->ssl_ctx)
^
xfrd.c:406:29: error: ‘struct xfrd_tcp_set’ has no member named ‘ssl_ctx’
SSL_CTX_free(xfrd->tcp_set->ssl_ctx);
^
make: *** [xfrd.o] Error 1

2

Am 11.09.21 um 18:12 scrunchie alain hubert via nsd-users:

I am beginning with NSD, and I get this error when running the make command : ‘struct xfrd_tcp_set’ has no member named ‘ssl_ctx’.

$ yum list installed | egrep -i 'openssl|flex|bison|libevent'
openssl.x86_64 1:1.0.2k-19.el7 @base
openssl-devel.x86_64 1:1.0.2k-19.el7 @base
openssl-libs.x86_64 1:1.0.2k-19.el7 @base

Hi,

your distribution is old. It gives you openssl-1.0.2, which is no longer supported by the openssl team.
I expect, the current nsd source is not optimized to build against old, unsupported openssl version.

from https://www.openssl.org/policies/releasestrat.html:

   The next version of OpenSSL will be 3.0.0.
   Version 1.1.1 will be supported until 2023-09-11 (LTS).
   Version 1.0.2 is no longer supported. Extended support for 1.0.2 to gain access to security fixes for that version is available.
   Versions 1.1.0, 1.0.1, 1.0.0 and 0.9.8 are no longer supported.

Andreas

3

Hi,

Yes, that was the issue, the older version did not have TLS 1.3 and this
caused the compile failure. The issue is fixed in commit
https://github.com/NLnetLabs/nsd/commit/222d6406ec2740037006687320ac811008c048b2

Best regards, Wouter

4

Thanks for yours answers. I installed a newer openssl and things are going well.