OpenConnect 7.07 fails to build with LibreSSL
Bernard Spil
brnrd at FreeBSD.org
Wed Aug 31 05:26:07 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
We've found issues building OpenConnect 7.07 with LibreSSL which were
introduced by the OpenSSL 1.1.0 changes. This is caused by LibreSSL
setting OPENSSL_VERSION_NUMBER to 0x20000000L. The LibreSSL project
includes a define LIBRESSL_VERSION_NUMBER in openssl/opensslv.h that can
be used to fix build errors like this.
I've added the patch to the FreeBSD wiki page on LibreSSL
(https://wiki.freebsd.org/LibreSSL/Ports)
- --- openssl.c.orig 2016-07-09 14:43:41 UTC
+++ openssl.c
@@ -36,11 +36,11 @@
#include <openssl/ui.h>
#include <openssl/rsa.h>
- -#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined
(LIBRESSL_VERSION_NUMBER)
#define X509_up_ref(x) CRYPTO_add(&(x)->references, 1,
CRYPTO_LOCK_X509)
#endif
- -#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined
(LIBRESSL_VERSION_NUMBER)
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#define X509_STORE_CTX_get0_chain(ctx) ((ctx)->chain)
@@ -991,7 +991,7 @@ static int set_peer_cert_hash(struct ope
return 0;
}
- -#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined
(LIBRESSL_VERSION_NUMBER)
static int match_hostname_elem(const char *hostname, int helem_len,
const char *match, int melem_len)
{
- --- openssl-esp.c.orig 2016-07-08 15:35:18 UTC
+++ openssl-esp.c
@@ -27,7 +27,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
- -#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L ||
defined(LIBRESSL_VERSION_NUMBER)
#define EVP_CIPHER_CTX_free(c) do { \
EVP_CIPHER_CTX_cleanup(c); \
@@ -85,7 +85,7 @@ static int init_esp_ciphers(struct openc
}
EVP_CIPHER_CTX_set_padding(esp->cipher, 0);
- -#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined
(LIBRESSL_VERSION_NUMBER)
esp->hmac = malloc(sizeof(*esp->hmac));
esp->pkt_hmac = malloc(sizeof(*esp->pkt_hmac));
if (!esp->hmac || &esp->pkt_hmac) {
Signed-off-by: Bernard Spil <brnrd at FreeBSD.org>
Hope you'll include this in OpenConnect!
With kind regards,
Bernard Spil.
FreeBSD Ports committer
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJXxszfAAoJEHT7/r+FArC0tiIP/Aim0PuP/tZlXZYfe/o9ylv1
p2h3IkpTrExqQsoxA0HWvP5aJ0mM40sCkaHDcdvDIspI7x45CK/ionBBySs6Me5V
O4Zj/hJh7S+S/036/5Z6EbFDjXayqUFoZHVu3rL8E/ezDmrYqWKz5iIDbOryray9
uM64jUiJBze/aJEeuSIa+pSboTO2PMuvH59yDVN0f1EHU39mAX0HqjE5cRAUM/+Z
yI2wJHFiHjxuszuPcJsKzO88eB9qoAdsrIu/0hbA4+0BkgQa7ODjJIImaHDryXvz
2lV/JtPg4MtT4MAAThAaRvbM73GMJ1HPKGpdH+Jby5tD2KDt2RNsICmRmh5gaeme
YButL7Sn6FylkVV/vO3yp6KTfEMYigqe3Fr+XeTtfueQ20eLpIN2LzIHWLTwHOXb
VpOiwt9s6eeW6ONM353x4kgQ7ekho1wgU8TBzU/oWF6khQIRp+LctEajkvd6cwpx
l0itQo8l9bz3s+jOMHO1anjydqoOoYuTbOxl3SdDzVXC/l2+81YYVHxUiQ/7lCUn
VFtVNtRq4vUZfw9Qg+h6G5RMIJPb1QKAFdpuU7MqOsyHSohoEgBfxp7ojmuvi6y4
c8mNCMJqyMEoWz6XJfHAzjdZ+me+Fbubm6KqCS8oZU1QFXfoa0LSr3WL/L2Tmh2u
u2ETiQs7O8QdTkDPS7I4
=kTFB
-----END PGP SIGNATURE-----
More information about the openconnect-devel
mailing list