I've made a patch to build HAProxy against LibreSSL 2.5.1. It is based on the OpenBSD patch, but OpenBSD still has 1.6.11, so I've made some additions.
On 17-02-03 14:13:09, Piotr Kubaj wrote: > I've also tried to build 1.8-dev0-20170131, which fails with the same errors. > > On 17-02-02 09:38:19, Piotr Kubaj wrote: > > Hello, > > > > I'm trying to build Haproxy 1.7.2 on FreeBSD 11.0 against LibreSSL 2.5.1. > > I'm building from FreeBSD ports with: > > DEFAULT_VERSIONS= ssl=libressl-devel > > in /etc/make.conf. > > > > I could build against 2.5.0, but 2.5.1 has hidden more variables in opaque > > structures. The errors I'm getting are: > > cc -Iinclude -Iebtree -Wall -O2 -pipe -fPIE -fPIC -fstack-protector > > -fno-strict-aliasing -DFREEBSD_PORTS -DTPROXY -DCONFIG_HAP_CRYPT > > -DUSE_GETADDRINFO -DUSE_ZLIB -DENABLE_POLL -DENABLE_KQUEUE > > -DUSE_CPU_AFFINITY -DUSE_OPENSSL -DUSE_PCRE -I/usr/local/include > > -DUSE_PCRE_JIT -DCONFIG_HAPROXY_VERSION=\"1.7.2\" > > -DCONFIG_HAPROXY_DATE=\"2017/01/13\" -c -o ebtree/ebistree.o > > ebtree/ebistree.c > > src/shctx.c:660:31: warning: incompatible pointer types passing > > 'SSL_SESSION *(SSL *, const unsigned char *, int, int *)' (aka 'struct > > ssl_session_st *(struct ssl_st *, const unsigned char *, int, int *)') to > > parameter of type > > 'SSL_SESSION *(*)(struct ssl_st *, unsigned char *, int, int *)' (aka > > 'struct ssl_session_st *(*)(struct ssl_st *, unsigned char *, int, int *)') > > [-Wincompatible-pointer-types] > > SSL_CTX_sess_set_get_cb(ctx, shctx_get_cb); > > ^~~~~~~~~~~~ > > /usr/local/include/openssl/ssl.h:742:20: note: passing argument to > > parameter 'get_session_cb' here > > SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, > > ^ > > src/ssl_sock.c:798:2: error: no member named 'tlsext_status_cb' in 'struct > > ssl_ctx_st' > > SSL_CTX_get_tlsext_status_cb(ctx, &callback); > > ^ ~~~ > > src/ssl_sock.c:796:30: note: expanded from macro > > 'SSL_CTX_get_tlsext_status_cb' > > *cb = (void (*) (void))ctx->tlsext_status_cb; > > ~~~ ^ > > src/ssl_sock.c:827:17: error: no member named 'tlsext_status_arg' in > > 'struct ssl_ctx_st' > > 
cb_arg = ctx->tlsext_status_arg; > > ~~~ ^ > > src/ssl_sock.c:3540:50: error: no member named 'packet_length' in 'struct > > ssl_st' > > empty_handshake = !((SSL > > *)conn->xprt_ctx)->packet_length; > > > > ~~~~~~~~~~~~~~~~~~~~~~~ ^ > > src/ssl_sock.c:3618:48: error: no member named 'packet_length' in 'struct > > ssl_st' > > empty_handshake = !((SSL > > *)conn->xprt_ctx)->packet_length; > > ~~~~~~~~~~~~~~~~~~~~~~~ ^ > > src/ssl_sock.c:4698:18: warning: passing 'const ASN1_OBJECT **' (aka 'const > > struct asn1_object_st **') to parameter of type 'ASN1_OBJECT **' (aka > > 'struct asn1_object_st **') discards qualifiers in nested pointer types > > [-Wincompatible-pointer-types-discards-qualifiers] > > X509_ALGOR_get0(&algorithm, NULL, NULL, X509_get0_tbs_sigalg(crt)); > > ^~~~~~~~~~ > > /usr/local/include/openssl/x509.h:760:36: note: passing argument to > > parameter 'paobj' here > > void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, > > > > -- > > _______________________________________ > > / Ed Sullivan will be around as long as \ > > | someone else has talent. | > > | | > > \ -- Fred Allen / > > --------------------------------------- > > \ ^__^ > > \ (oo)\_______ > > (__)\ )\/\ > > ||----w | > > || || > > > > -- > ______________________________________ > / The ripest fruit falls first. \ > | | > \ -- William Shakespeare, "Richard II" / > -------------------------------------- > \ ^__^ > \ (oo)\_______ > (__)\ )\/\ > ||----w | > || || -- __________________________ < Santa Claus is watching! > -------------------------- \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || ||
--- src/ssl_sock.c.orig 2017-01-13 09:03:00 UTC
+++ src/ssl_sock.c
@@ -793,7 +793,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
 #ifndef SSL_CTX_get_tlsext_status_cb
 # define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
- *cb = (void (*) (void))ctx->tlsext_status_cb;
+ *cb = SSL_CTX_ctrl(ctx,128,0, (void (**)(void))cb)
 #endif
 SSL_CTX_get_tlsext_status_cb(ctx, &callback);
@@ -821,11 +821,7 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
 int key_type;
 EVP_PKEY *pkey;
-#ifdef SSL_CTX_get_tlsext_status_arg
- SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
-#else
- cb_arg = ctx->tlsext_status_arg;
-#endif
+ SSL_CTX_ctrl(ctx, 129, 0, &cb_arg);
 /*
 * The following few lines will convert cb_arg from a single ocsp to multi ocsp
@@ -3537,7 +3533,7 @@ int ssl_sock_handshake(struct connection
 OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
 empty_handshake = state == TLS_ST_BEFORE;
 #else
- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
 #endif
 if (empty_handshake) {
@@ -3615,7 +3611,7 @@ int ssl_sock_handshake(struct connection
 state = SSL_get_state((SSL *)conn->xprt_ctx);
 empty_handshake = state == TLS_ST_BEFORE;
 #else
- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
 #endif
 if (empty_handshake) {
 if (!errno) {
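Review bot: The new fallback macro in the first hunk assigns the `long` result of `SSL_CTX_ctrl()` to `*cb`, so in `SSL_CTX_get_tlsext_status_cb(ctx, &callback)` the pointer that the ctrl call presumably stores through `cb` is immediately overwritten with a status integer. Any later test of `callback` (the rest of ssl_sock_load_ocsp is outside the hunk) would then see that integer instead of the installed OCSP status callback. Drop the assignment and parenthesise the arguments: `# define SSL_CTX_get_tlsext_status_cb(ctx, cb) SSL_CTX_ctrl((ctx), SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB, 0, (void *)(cb))`. Where the headers lack the named constant, define it under `#ifndef` instead of using the bare 128; the same applies to 129 in the next hunk.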
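Review bot: The result of `SSL_CTX_ctrl(ctx, 129, 0, &cb_arg)` in the second hunk is ignored, and with the `#ifdef` removed the call now runs on every build, not only where the library advertises the getter. If the linked library does not implement that ctrl, `cb_arg` keeps whatever it held before, and the conversion announced by the comment that follows (it continues outside the hunk) then operates on that value. Keep the named constant and test the result, e.g. `if (SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg) <= 0)` followed by the function's existing error path.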
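Review bot: `SSL_state(...) == SSL_ST_BEFORE` is not the same test as the removed `!packet_length`, and the equality may never hold: in the 1.0.x-style API the before-handshake state is normally combined with the accept/connect bit, which is why the headers provide `SSL_in_before()`. The same line is added in the hunk at -3615, and both sit in the `#else` branch, so they would also change behaviour for every other library that takes that branch (the `#if` condition is outside the hunk). If a state check is the intended replacement, `empty_handshake = SSL_in_before((SSL *)conn->xprt_ctx) != 0;` is closer, but it still reports handshake progress, not "no bytes received", so peers that close before sending anything may be classified differently in the error path that follows. Guarding the new line with `LIBRESSL_VERSION_NUMBER` would keep the old check for other builds.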