On Sun, 3 Sep 2023 09:17:21 -0700
orbea <or...@riseup.net> wrote:
> On Sun, 3 Sep 2023 16:47:31 +0200
> Antonio Quartulli <a...@unstable.cc> wrote:
>
> > Hi,
> >
> > On 03/09/2023 16:29, or...@riseup.net wrote:
> > > From: orbea <or...@riseup.net>
> > >
> > > Starting with LibreSSL 3.8.1 the engines have been removed which
> > > causes the OpenVPN build to fail. This can be solved during
> > > configure by checking if OPENSSL_NO_ENGINE is defined in
> > > opensslconf.h. ---
> > > configure.ac | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/configure.ac b/configure.ac
> > > index 2f65cbd5..b5a835dc 100644
> > > --- a/configure.ac
> > > +++ b/configure.ac
> > > @@ -926,11 +926,12 @@ if test "${with_crypto_library}" =
> > > "openssl"; then AC_COMPILE_IFELSE(
> > > [AC_LANG_PROGRAM(
> > > [[
> > > + #include <openssl/opensslconf.h>
> > > #include <openssl/opensslv.h>
> > > ]],
> > > [[
> > > /* Version encoding: MNNFFPPS - see
> > > opensslv.h for details */
> > > - #if OPENSSL_VERSION_NUMBER >= 0x30000000L
> > > + #if OPENSSL_VERSION_NUMBER >= 0x30000000L ||
> > > defined(OPENSSL_NO_ENGINE) #error Engine supported disabled by
> > > default in OpenSSL 3.0+
> >
> > Maybe the message should be changed now? Or we could have an
> > entirely different message for this case?
> >
> > Cheers,
> >
> > > #endif
> > > ]]
> >
>
> Do you think it might be preferable to only check OPENSSL_NO_ENGINE? I
> see other code bases such as Tor only checking that define.
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Here is a patch that preserves the version check and adds a second
check for OPENSSL_NO_ENGINE which seems to also be useful for BoringSSL.
>From d6700ec0f5af2522bb4eb136d3760f5b1445c9d1 Mon Sep 17 00:00:00 2001
From: orbea <or...@riseup.net>
Date: Sat, 2 Sep 2023 23:06:22 -0700
Subject: [PATCH] configure: disable engines if OPENSSL_NO_ENGINE is defined
Starting with LibreSSL 3.8.1 the engines have been removed which causes
the OpenVPN build to fail. This can be solved during configure by
checking if OPENSSL_NO_ENGINE is defined in opensslconf.h.
---
configure.ac | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 2f65cbd5..1adfb9d4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -927,11 +927,17 @@ if test "${with_crypto_library}" = "openssl"; then
[AC_LANG_PROGRAM(
[[
#include <openssl/opensslv.h>
+ #include <openssl/opensslconf.h>
]],
[[
/* Version encoding: MNNFFPPS - see opensslv.h for details */
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #error Engine supported disabled by default in OpenSSL 3.0+
+ #error Engine support disabled by default in OpenSSL 3.0+
+ #endif
+
+ /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */
+ #ifdef OPENSSL_NO_ENGINE
+ #error Engine support disabled by default in openssl/opensslconf.h
#endif
]]
)],
--
2.41.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
