OpenConnect 7.07 fails to build with LibreSSL
Piotr Kubaj
pkubaj at anongoth.pl
Wed Aug 31 11:01:40 PDT 2016
I went a little overboard :) and created those patches.
They make it possible to build the latest git sources of Openconnect
against LibreSSL 2.4.2.
Basically, they remove bad_dtls_test and add missing
LIBRESSL_VERSION_NUMBER. I've verified that the binaries I built work
and I successfully logged in to VPN using it.
When connecting I get:
SSL_set_session() failed with old protocol version 0x100
Are you using a version of OpenSSL older than 0.9.8m?
See http://rt.openssl.org/Ticket/Display.html?id=1751
Use the --no-dtls command line option to avoid this message
Set up DTLS failed; using SSL instead
which is harmless
Output of make check:
Making check in tests
make
make check-TESTS
PASS: lzstest
PASS: seqtest
============================================================================
Testsuite summary for openconnect 7.07
============================================================================
# TOTAL: 2
# PASS: 2
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
@dwmw2
I know it's unreasonable to expect you to remove bad_dtls_test, but
could you at least add the missing LIBRESSL_VERSION_NUMBER checks?
On 08/31/16 07:02 PM, Bernard Spil wrote:
> On 2016-08-31 15:05, David Woodhouse wrote:
>> On Wed, 2016-08-31 at 15:02 +0200, Bernard Spil wrote:
>>>
>>> Hi,
>>>
>>> I heard you like git diffs. Please find a git diff against master
>>> attached.
>>
>> Inline is also fine, although your last attempt was word-wrapped and
>> didn't apply cleanly. The attachment seems to have resolved that.
>>
>> But there are bigger problems, I'm afraid. I've commented in
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212254#c6
>
> Hi David,
>
> Saw that PR. Clear. Noted!
>
> If you need OpenConnect, pull in GnuTLS (or OpenSSL from ports if you
> must).
>
> Cheers,
>
> Bernard.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-dtls.c
Type: text/x-csrc
Size: 1159 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-openssl.c
Type: text/x-csrc
Size: 1487 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch-openssl-esp.c
Type: text/x-csrc
Size: 636 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0005.bin>
-------------- next part --------------
--- tests/Makefile.am.orig 2016-08-31 17:39:09 UTC
+++ tests/Makefile.am
@@ -48,17 +48,6 @@ TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
noinst_PROGRAMS = lzstest seqtest
-if CHECK_DTLS
-noinst_PROGRAMS += bad_dtls_test
-bad_dtls_test_SOURCES = bad_dtls_test.c
-bad_dtls_test_CFLAGS = $(OPENSSL_CFLAGS)
-bad_dtls_test_LDADD = $(OPENSSL_LIBS)
-
-if DTLS_XFAIL
-XFAIL_TESTS = bad_dtls_test
-endif
-endif
-
TESTS = $(dist_check_SCRIPTS) $(noinst_PROGRAMS)
-------------- next part --------------
--- tests/Makefile.in.orig 2016-08-31 17:39:44 UTC
+++ tests/Makefile.in
@@ -97,9 +97,6 @@ host_triplet = @host@
@OPENCONNECT_OPENSSL_TRUE@ $(certsdir)/user-key-pkcs8-pbes1-md5-des.pem \
@OPENCONNECT_OPENSSL_TRUE@ $(certsdir)/user-key-pkcs8-pbes1-md5-des.der
noinst_PROGRAMS = lzstest$(EXEEXT) seqtest$(EXEEXT) $(am__EXEEXT_1)
- at CHECK_DTLS_TRUE@am__append_2 = bad_dtls_test
- at CHECK_DTLS_TRUE@@DTLS_XFAIL_TRUE at XFAIL_TESTS = \
- at CHECK_DTLS_TRUE@@DTLS_XFAIL_TRUE@ bad_dtls_test$(EXEEXT)
subdir = tests
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_vscript.m4 \
@@ -114,21 +111,12 @@ mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
- at CHECK_DTLS_TRUE@am__EXEEXT_1 = bad_dtls_test$(EXEEXT)
PROGRAMS = $(noinst_PROGRAMS)
-am__bad_dtls_test_SOURCES_DIST = bad_dtls_test.c
- at CHECK_DTLS_TRUE@am_bad_dtls_test_OBJECTS = \
- at CHECK_DTLS_TRUE@ bad_dtls_test-bad_dtls_test.$(OBJEXT)
-bad_dtls_test_OBJECTS = $(am_bad_dtls_test_OBJECTS)
am__DEPENDENCIES_1 =
- at CHECK_DTLS_TRUE@bad_dtls_test_DEPENDENCIES = $(am__DEPENDENCIES_1)
AM_V_lt = $(am__v_lt_ at AM_V@)
am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-bad_dtls_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(bad_dtls_test_CFLAGS) \
- $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
lzstest_SOURCES = lzstest.c
lzstest_OBJECTS = lzstest.$(OBJEXT)
lzstest_LDADD = $(LDADD)
@@ -170,8 +158,6 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@)
am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(bad_dtls_test_SOURCES) lzstest.c seqtest.c
-DIST_SOURCES = $(am__bad_dtls_test_SOURCES_DIST) lzstest.c seqtest.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -624,9 +610,6 @@ TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
top_builddir="$(top_builddir)" \
key_list="$(USER_KEYS)"
- at CHECK_DTLS_TRUE@bad_dtls_test_SOURCES = bad_dtls_test.c
- at CHECK_DTLS_TRUE@bad_dtls_test_CFLAGS = $(OPENSSL_CFLAGS)
- at CHECK_DTLS_TRUE@bad_dtls_test_LDADD = $(OPENSSL_LIBS)
TESTS = $(dist_check_SCRIPTS) $(noinst_PROGRAMS)
OPENSSL = openssl
OSSLARGS = -in $< -out $@ -passout pass:password
@@ -674,10 +657,6 @@ clean-noinstPROGRAMS:
echo " rm -f" $$list; \
rm -f $$list
-bad_dtls_test$(EXEEXT): $(bad_dtls_test_OBJECTS) $(bad_dtls_test_DEPENDENCIES) $(EXTRA_bad_dtls_test_DEPENDENCIES)
- @rm -f bad_dtls_test$(EXEEXT)
- $(AM_V_CCLD)$(bad_dtls_test_LINK) $(bad_dtls_test_OBJECTS) $(bad_dtls_test_LDADD) $(LIBS)
-
lzstest$(EXEEXT): $(lzstest_OBJECTS) $(lzstest_DEPENDENCIES) $(EXTRA_lzstest_DEPENDENCIES)
@rm -f lzstest$(EXEEXT)
$(AM_V_CCLD)$(LINK) $(lzstest_OBJECTS) $(lzstest_LDADD) $(LIBS)
@@ -692,7 +671,6 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
- at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bad_dtls_test-bad_dtls_test.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/lzstest.Po at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/seqtest.Po at am__quote@
@@ -717,20 +695,6 @@ distclean-compile:
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $<
-bad_dtls_test-bad_dtls_test.o: bad_dtls_test.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -MT bad_dtls_test-bad_dtls_test.o -MD -MP -MF $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo -c -o bad_dtls_test-bad_dtls_test.o `test -f 'bad_dtls_test.c' || echo '$(srcdir)/'`bad_dtls_test.c
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo $(DEPDIR)/bad_dtls_test-bad_dtls_test.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bad_dtls_test.c' object='bad_dtls_test-bad_dtls_test.o' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -c -o bad_dtls_test-bad_dtls_test.o `test -f 'bad_dtls_test.c' || echo '$(srcdir)/'`bad_dtls_test.c
-
-bad_dtls_test-bad_dtls_test.obj: bad_dtls_test.c
- at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -MT bad_dtls_test-bad_dtls_test.obj -MD -MP -MF $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo -c -o bad_dtls_test-bad_dtls_test.obj `if test -f 'bad_dtls_test.c'; then $(CYGPATH_W) 'bad_dtls_test.c'; else $(CYGPATH_W) '$(srcdir)/bad_dtls_test.c'; fi`
- at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo $(DEPDIR)/bad_dtls_test-bad_dtls_test.Po
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bad_dtls_test.c' object='bad_dtls_test-bad_dtls_test.obj' libtool=no @AMDEPBACKSLASH@
- at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -c -o bad_dtls_test-bad_dtls_test.obj `if test -f 'bad_dtls_test.c'; then $(CYGPATH_W) 'bad_dtls_test.c'; else $(CYGPATH_W) '$(srcdir)/bad_dtls_test.c'; fi`
-
mostlyclean-libtool:
-rm -f *.lo
@@ -958,13 +922,6 @@ seqtest.log: seqtest$(EXEEXT)
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
-bad_dtls_test.log: bad_dtls_test$(EXEEXT)
- @p='bad_dtls_test$(EXEEXT)'; \
- b='bad_dtls_test'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0001.sig>
More information about the openconnect-devel
mailing list