networkupstools · jimklimov · Nov 15, 2020 · Nov 14, 2020 · Nov 14, 2020 · Nov 15, 2020
diff --git a/ci_build.sh b/ci_build.sh
@@ -286,7 +286,9 @@ default|default-alldrv|default-all-errors|default-spellcheck|default-shellcheck|
         sudo dpkg -r --force all pkg-config
     fi
 
-    configure_nut
+    if [ "$BUILD_TYPE" != "default-all-errors" ] ; then
+        configure_nut
+    fi
 
     case "$BUILD_TYPE" in
         "default-tgt:"*) # Hook for matrix of custom distchecks primarily
@@ -330,7 +332,26 @@ default|default-alldrv|default-all-errors|default-spellcheck|default-shellcheck|
             ;;
         "default-all-errors")
             RES=0
-            build_to_only_catch_errors || RES=$?
+            if pkg-config --exists nss && pkg-config --exists openssl ; then
+                # Try builds for both cases as they are ifdef-ed
+
+                echo "=== Building with SSL=openssl..."
+                ( CONFIG_OPTS+=("--with-openssl")
+                  configure_nut
+                  build_to_only_catch_errors ) || RES=$?
+
+                echo "=== Clean the sandbox..."
+                make distclean -k || true
+
+                echo "=== Building with SSL=nss..."
+                ( CONFIG_OPTS+=("--with-nss")
+                  configure_nut
+                  build_to_only_catch_errors ) || RES=$?
+            else
+                # Build what we can configure
+                configure_nut
+                build_to_only_catch_errors || RES=$?
+            fi
             exit $RES
             ;;
     esac

diff --git a/clients/upsclient.c b/clients/upsclient.c
@@ -199,6 +199,9 @@ static int ssl_error(SSL *ssl, int ret)
 static char *nss_password_callback(PK11SlotInfo *slot, PRBool retry,
 		void *arg)
 {
+	NUT_UNUSED_VARIABLE(retry);
+	NUT_UNUSED_VARIABLE(arg);
+
 	upslogx(LOG_INFO, "Intend to retrieve password for %s / %s: password %sconfigured",
 		PK11_GetSlotName(slot), PK11_GetTokenName(slot), nsscertpasswd?"":"not ");
 	return nsscertpasswd ? PL_strdup(nsscertpasswd) : NULL;
@@ -233,6 +236,10 @@ static SECStatus AuthCertificateDontVerify(CERTCertDBHandle *arg, PRFileDesc *fd
 	PRBool checksig, PRBool isServer)
 {
 	UPSCONN_t *ups   = (UPSCONN_t *)SSL_RevealPinArg(fd);
+	NUT_UNUSED_VARIABLE(arg);
+	NUT_UNUSED_VARIABLE(checksig);
+	NUT_UNUSED_VARIABLE(isServer);
+
 	upslogx(LOG_INFO, "Do not intend to authenticate server %s",
 		ups?ups->host:"<unnamed>");
 	return SECSuccess;
@@ -241,6 +248,8 @@ static SECStatus AuthCertificateDontVerify(CERTCertDBHandle *arg, PRFileDesc *fd
 static SECStatus BadCertHandler(UPSCONN_t *arg, PRFileDesc *fd)
 {
 	HOST_CERT_t* cert;
+	NUT_UNUSED_VARIABLE(fd);
+
 	upslogx(LOG_WARNING, "Certificate validation failed for %s",
 		(arg&&arg->host)?arg->host:"<unnamed>");
 	/* BadCertHandler is called when the NSS certificate validation is failed.
@@ -288,6 +297,8 @@ static SECStatus GetClientAuthData(UPSCONN_t *arg, PRFileDesc *fd,
 
 static void HandshakeCallback(PRFileDesc *fd, UPSCONN_t *client_data)
 {
+	NUT_UNUSED_VARIABLE(fd);
+
 	upslogx(LOG_INFO, "SSL handshake done successfully with server %s",
 		client_data->host);
 }

diff --git a/m4/nut_check_libnetsnmp.m4 b/m4/nut_check_libnetsnmp.m4
@@ -13,8 +13,15 @@ if test -z "${nut_have_libnetsnmp_seen}"; then
 	CFLAGS_ORIG="${CFLAGS}"
 	LIBS_ORIG="${LIBS}"
 
-	dnl By default seek in PATH
-	NET_SNMP_CONFIG=net-snmp-config
+	dnl By default seek in PATH, but which variant (if several are provided)?
+	AC_CHECK_SIZEOF([void *])
+	AS_CASE(["${ac_cv_sizeof_void_p}"],
+		[4],[NET_SNMP_CONFIG=net-snmp-config-32],
+		[8],[NET_SNMP_CONFIG=net-snmp-config-64]
+		)
+	AS_IF([test -n "${NET_SNMP_CONFIG}" && test -n "`command -v "${NET_SNMP_CONFIG}"`"],
+		[], [NET_SNMP_CONFIG=net-snmp-config])
+
 	AC_ARG_WITH(net-snmp-config,
 		AS_HELP_STRING([@<:@--with-net-snmp-config=/path/to/net-snmp-config@:>@],
 			[path to program that reports Net-SNMP configuration]),

diff --git a/m4/nut_check_libnss.m4 b/m4/nut_check_libnss.m4
@@ -59,6 +59,10 @@ if test -z "${nut_have_libnss_seen}"; then
 	AC_MSG_RESULT([${LIBS}])
 
 	dnl check if NSS is usable: we need both the runtime and headers
+	dnl NOTE that caller may have to specify PKG_CONFIG_PATH including
+	dnl their bitness variant if it is not prioritized in their default
+	dnl setting built in by OS distribution; the .../pkgconfig/nss.pc
+	dnl tends to specify the libdir which is CPU Arch dependent.
 	AC_CHECK_FUNCS(NSS_Init, [nut_have_libnss=yes], [nut_have_libnss=no])
 	dnl libc6 also provides an nss.h file, so also check for ssl.h
 	AC_CHECK_HEADERS([nss.h ssl.h], [], [nut_have_libnss=no], [AC_INCLUDES_DEFAULT])

diff --git a/server/netssl.c b/server/netssl.c
@@ -35,6 +35,13 @@
 	#include <pk11pub.h>
 	#include <prinit.h>
 	#include <private/pprio.h>
+/* Note: on systems with NSS 3.x the following two lines complain non-fatally:
+ *   /usr/include/mps/key.h:9:9: note: '#pragma message: key.h is deprecated. Please include keyhi.h instead.'
+ *   /usr/include/mps/keyt.h:9:9: note: '#pragma message: keyt.h is deprecated. Please include keythi.h instead.'
+ * If this becomes a warning or error in the future, it can be addressed
+ * with a trick like done elsewhere for best pick of (sys/)types.h support
+ * for the specific build target platform.
+ */
 	#include <key.h>
 	#include <keyt.h>
 	#include <secerr.h>
@@ -145,6 +152,8 @@ static SECKEYPrivateKey *privKey;
 static char *nss_password_callback(PK11SlotInfo *slot, PRBool retry,
 		void *arg)
 {
+	NUT_UNUSED_VARIABLE(arg);
+
 	if (retry) {
 		/* Force not inted to retrieve password many times. */
 		return NULL;
@@ -170,6 +179,8 @@ static int ssl_error(PRFileDesc *ssl, int ret)
 	char buffer[256];
 	PRInt32 length;
 	PRErrorCode e;
+	NUT_UNUSED_VARIABLE(ssl);
+	NUT_UNUSED_VARIABLE(ret);
 
 	e = PR_GetError();
 	length = PR_GetErrorText(buffer);
@@ -195,6 +206,8 @@ static SECStatus AuthCertificate(CERTCertDBHandle *arg, PRFileDesc *fd,
 
 static SECStatus BadCertHandler(nut_ctype_t *arg, PRFileDesc *fd)
 {
+	NUT_UNUSED_VARIABLE(fd);
+
 	upslogx(LOG_WARNING, "Certificate validation failed for %s",
 		(arg&&arg->addr)?arg->addr:"<unnamed>");
 #ifdef WITH_CLIENT_CERTIFICATE_VALIDATION
@@ -211,6 +224,8 @@ static SECStatus BadCertHandler(nut_ctype_t *arg, PRFileDesc *fd)
 
 static void HandshakeCallback(PRFileDesc *fd, nut_ctype_t *client_data)
 {
+	NUT_UNUSED_VARIABLE(fd);
+
 	upslogx(LOG_INFO, "SSL handshake done successfully with client %s",
 		client_data->addr);
 }