On Fri, Jul 08, 2022 at 12:33:18AM +0200, Theo Buehler wrote: > On Sun, Jul 03, 2022 at 05:42:05PM +0000, Klemens Nanni wrote: > > On Sun, Jul 03, 2022 at 06:16:02PM +0200, Theo Buehler wrote: > > > > Now with feedback from sthen@, diff between the tarballs: > > > > https://github.com/jasperla/openbsd-wip/commit/554d6e575 > > > > > > > > Feedback? OK? > > > > > > distinfo still contains the patchfile > > > > > > I'd like to have a more specific comment to justify use of eopenssl11: > > > > > > # Can't use LibreSSL since X509_VERIFY_PARAM_get_time missing from > > > libcrypto. > > > # Need to add OPENSSL_memdup with patch and neuter SHA-3; choice between > > > the 1.1 > > > # and 1.0 codepaths is a bit tricky. > > > > Thanks for both, I went with this comment: > > > > # Can't use LibreSSL since X509_VERIFY_PARAM_get_time is missing from > > libcrypto. > > # Need to add OPENSSL_memdup with patch and neuter SHA-3; > > # choice between the 1.1 and 1.0 codepaths is a bit tricky. > > Here's a version that links against LibreSSL. All tests fail with > bad_alloc(0), but that is also the case with the version linked against > OpenSSL. Perhaps I'm doing something wrong.
I also see a bad_alloc segfault at runtime, this seems entirely unrelated to Open/LibreSSL. > You need libcrypto.so.49.1 for this to build since I added the missing > X509_VERIFY_PARAM_get_time() in today's bump. There's a bit of patching, > but I think it's not too bad. If this works for your purposes, I guess > that'd be preferable over linking against eopenssl11. Not too bad at all, thanks a lot, Theo! digidoc-tool(1) keeps working and crashing the same ways it did with OpenSSL. I'm glad to import this version, but using LibreSSL here means I need to switch over the upcoming security/qdigidoc4 port (Qt5 GUI), otherwise OpenSSL qdigidoc4 linked against LibreSSL libdigidocpp segfaults upon start. I'll give this a go and send the qdigidoc4 port soon.
