On Sun, 3 Sep 2023 09:17:21 -0700 orbea <or...@riseup.net> wrote: > On Sun, 3 Sep 2023 16:47:31 +0200 > Antonio Quartulli <a...@unstable.cc> wrote: > > > Hi, > > > > On 03/09/2023 16:29, or...@riseup.net wrote: > > > From: orbea <or...@riseup.net> > > > > > > Starting with LibreSSL 3.8.1 the engines have been removed which > > > causes the OpenVPN build to fail. This can be solved during > > > configure by checking if OPENSSL_NO_ENGINE is defined in > > > opensslconf.h. --- > > > configure.ac | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/configure.ac b/configure.ac > > > index 2f65cbd5..b5a835dc 100644 > > > --- a/configure.ac > > > +++ b/configure.ac > > > @@ -926,11 +926,12 @@ if test "${with_crypto_library}" = > > > "openssl"; then AC_COMPILE_IFELSE( > > > [AC_LANG_PROGRAM( > > > [[ > > > + #include <openssl/opensslconf.h> > > > #include <openssl/opensslv.h> > > > ]], > > > [[ > > > /* Version encoding: MNNFFPPS - see > > > opensslv.h for details */ > > > - #if OPENSSL_VERSION_NUMBER >= 0x30000000L > > > + #if OPENSSL_VERSION_NUMBER >= 0x30000000L || > > > defined(OPENSSL_NO_ENGINE) #error Engine supported disabled by > > > default in OpenSSL 3.0+ > > > > Maybe the message should be changed now? Or we could have an > > entirely different message for this case? > > > > Cheers, > > > > > #endif > > > ]] > > > > Do you think it might be preferable to only check OPENSSL_NO_ENGINE? I > see other code bases such as Tor only checking that define. > > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Here is a patch that preserves the version check and adds a second check for OPENSSL_NO_ENGINE which seems to also be useful for BoringSSL. >From d6700ec0f5af2522bb4eb136d3760f5b1445c9d1 Mon Sep 17 00:00:00 2001 From: orbea <or...@riseup.net> Date: Sat, 2 Sep 2023 23:06:22 -0700 Subject: [PATCH] configure: disable engines if OPENSSL_NO_ENGINE is defined Starting with LibreSSL 3.8.1 the engines have been removed which causes the OpenVPN build to fail. This can be solved during configure by checking if OPENSSL_NO_ENGINE is defined in opensslconf.h. --- configure.ac | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 2f65cbd5..1adfb9d4 100644 --- a/configure.ac +++ b/configure.ac @@ -927,11 +927,17 @@ if test "${with_crypto_library}" = "openssl"; then [AC_LANG_PROGRAM( [[ #include <openssl/opensslv.h> + #include <openssl/opensslconf.h> ]], [[ /* Version encoding: MNNFFPPS - see opensslv.h for details */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L - #error Engine supported disabled by default in OpenSSL 3.0+ + #error Engine support disabled by default in OpenSSL 3.0+ + #endif + + /* BoringSSL and LibreSSL >= 3.8.1 removed engine support */ + #ifdef OPENSSL_NO_ENGINE + #error Engine support disabled by default in openssl/opensslconf.h #endif ]] )], -- 2.41.0 _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel