Re: OpenSMTPD 7.5.0 RC1
The new OpenSMTPD 7.5.0rc1 works well with LibreSSL on Slackware64 Linux. My compile script uses CFLAGS and LDFLAGS like this: CFLAGS="... -I/usr/include/libressl" \ LDFLAGS="-L/usr/lib64/libressl -lcrypto -lssl \ -Wl,-rpath=/usr/lib64/libressl" \ ./configure \ ... It solves the git problem 1188, "configure: error: Your LibreSSL headers do not match your library". And it works even when I don't have LibreSSL installed and just have OpenSSL 1 installed. This version works on 32-bit Slackware: CFLAGS="... -I/usr/include/libressl" \ LDFLAGS="-L/usr/lib/libressl -lcrypto -lssl \ -Wl,-rpath=/usr/lib/libressl" \ ./configure \ ... Richard Narron
Re: OpenSMTPD 7.5.0 RC1
On Fri, 8 Mar 2024, Omar Polo wrote: ... > Tarballs are available on the official mirror or on GitHub: > > https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.tar.gz > https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/7.5.0rc1 > > Verify the tarball with signify(1) and the usual public key: > > https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.sum.sig > https://opensmtpd.org/archives/opensmtpd-20181026.pub I get an error trying to validate the sha256 checksum: $ sha256sum -c opensmtpd-7.5.0rc1.sum opensmtpd-7.5.0rc1.tar.gz: FAILED sha256sum: WARNING: 1 computed checksum did NOT match Regards, Richard Narron
Re: OpenSMTPD 7.4.0 rc1
Thank You! I'm testing it on several machines and so far it is good.
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On Sun, 4 Jun 2023, Omar Polo wrote: > Haven't noticed that there isn't a way to force the usage of the > bundled libasr. I've added the configure knob --with-bundled-libasr > and included it in the release-7.3 branch (no new RC this time though) I just tested my June 4 snapshot on a Slackware 15.0 32-bit (Intel Pentium 4) and it runs fine.
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On Sun, 4 Jun 2023, Omar Polo wrote: > On 2023/06/03 09:08:05 -0700, Richard Narron wrote: > > In order to use the bundled libasr, I had to uninstall my existing libasr > > slackware build (port). > > > > It would be nice to have a --with-bundled-libasr option for the build. > > Then It could ignore an existing installed libasr. > > Haven't noticed that there isn't a way to force the usage of the > bundled libasr. I've added the configure knob --with-bundled-libasr > and included it in the release-7.3 branch (no new RC this time though) > Thanks for the fix! The --with-bundled-libasr option works well. If I use it it ignores an existing libasr library. If I don't use it, and don't have a libasr library then it uses the bundled libasr anyway. To Build it I downloaded the OpenSMTPD.zip, unpacked it and then ran the "bootstrap" script which calls autoconf. It looks good and runs fine so far.
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On Sat, 3 Jun 2023, Omar Polo wrote: > To stay on the safe side for this release I've re-added > --with-path-CAfile. Please note that it only has effect when building > the bundled libtls, as otherwise I don't have control over what > tls_default_ca_cert_file() returns. > > It's in the just-relased rc2, which also updates the bundled libasr > and so addresses OpenBSD 7.2 errata #22. > Thanks for the good work! I'm using the --with-path-CAfile configure option. I set --with-bundled-libtls even though the build automatically uses the bundled libtls because I do not have another libtls installed. In order to use the bundled libasr, I had to uninstall my existing libasr slackware build (port). It would be nice to have a --with-bundled-libasr option for the build. Then It could ignore an existing installed libasr. So far it looks good. I will keep testing.
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On Fri, 2 Jun 2023, Omar Polo wrote:
> Hello,
>
> Thanks for testing!
Thanks for all the work of upgrading OpenSMTPD compatible again!
>
> On 2023/06/01 10:35:39 -0700, Richard Narron wrote:
> > On Thu, 1 Jun 2023, Richard Narron wrote:
> >
> > > I will modify the build to remove the --with-path-CAfile
> > > configure option and add a symbolic link for /etc/ssl/cert.pem
> >
> > The symbolic link in my build is not good idea because
> > it erases the cert.pem file which may be in use by other applications.
> >
> > I am better off patching the OpenSMTPD source code instead.
> >
> > Why is the --with-path-CAfile option removed?
>
> since the last release OpenSMTPD switched to libtls and stopped to
> hardcode into itself the path to the ca file, so I removed the unused
> option.
>
> libtls (which is bundled in openbsd-compat/libtls/) uses[*] OpenSSL'
> X509_get_default_cert_file() to load the default ca file. I've tested
> and on Slackware 15 it returns "/etc/ssl/cert.pem", which is strange.
> For comparison, on Centos 7 (I had to fix a build issue there...)
> which doesn't have /etc/ssl/cert.pem too it returns
> /etc/pki/tls/cert.pem.
>
> I'm not against re-adding --with-path-CAfile, but is it something
> that's needed often on Slackware? I don't seem to find libretls
> ported, but if it'll ever be packaged it would need a similar
> treatment.
>
> [*] well, on OpenBSD it has /etc/ssl/cert.pem hardcoded. To make in
> portable I changed it to use what OpenSSL thinks it's the default,
> which is the same thing done in libretls, a version of libtls
> targetting OpenSSL instead of LibreSSL.
If more BSD/Linux/other systems need to hardcode the CAfile, then it might
be useful to have the --with-path-CAfile
But the patch for Slackware is trivial:
--- opensmtpd-7.3.0p0-rc1/openbsd-compat/libtls/tls_config.c.orig
2023-05-25 04:32:34.0 -0700
+++ opensmtpd-7.3.0p0-rc1/openbsd-compat/libtls/tls_config.c2023-06-02
05:55:31.482390836 -0700
@@ -33,7 +33,7 @@
const char *
tls_default_ca_cert_file(void)
{
- return X509_get_default_cert_file();
+ return "/etc/ssl/certs/ca-certificates.crt";
}
int
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
On Thu, 1 Jun 2023, Richard Narron wrote: > I will modify the build to remove the --with-path-CAfile > configure option and add a symbolic link for /etc/ssl/cert.pem The symbolic link in my build is not good idea because it erases the cert.pem file which may be in use by other applications. I am better off patching the OpenSMTPD source code instead. Why is the --with-path-CAfile option removed?
Re: OpenSMTPD 7.3.0p0 rc1 -- please test!
OpenSMTPD 7.3.0p0 rc1 builds okay on Slackware 15.0 (stable) but displays this configure warning message: configure: WARNING: unrecognized options: --with-path-CAfile Testing smtpd failed at first The program started, but stopped immediately with an error message: smtpd[10147]: info: OpenSMTPD 7.3.0-portable starting smtpd[10152]: dispatcher: tls_config_set_ca_file: failed to open CA file '/etc/ssl/cert.pem': No such file or directory smtpd[10148]: smtpd: process control socket closed Slackware 15.0 does not have an /etc/ssl/cert.pem file, but does have a ca-certificates.crt file... So I created a symbolic link from /etc/ssl/cert.pem to the ca-certificates.crt file and smtpd now starts up fine. It works with simple local email. I will modify the build to remove the --with-path-CAfile configure option and add a symbolic link for /etc/ssl/cert.pem I will keep testing and see if it breaks...
Re: OpenSMTPD build on OpenSSL 1.1.x
The OpenSMTPD portable version from https://github.com/OpenSMTPD/OpenSMTPD works fine on Slackware64 current with OpenSSL 1.1.1c and gcc 9.2 It took me a while to get it to work though. I first downloaded the "current" portable version from https://opensmtpd.org/archives/opensmtpd-6.4.2p1.tar.gz And I got errors very similar to those of Denis Fateyev on Fedora 30. Next I downloaded the portable version from github.com and found that autoconf had not been run and this was no good. Finally I discovered the post on the mailing list which mentioned the "bootstrap" script and then I was able to download and build the portable version from git. The code shows version "6.6.0-portable". It runs fine on Slackware64 current and I'm happy that it now works with OpenSSL 1.1 Regards, Richard Narron
OpenSSL 1.1.1 is released
OpenSSL 1.1.1 Is Released Posted by Matt Caswell , Sep 11th, 2018 12:00 pm After two years of work we are excited to be releasing our latest version today - OpenSSL 1.1.1. This is also our new Long Term Support (LTS) version and so we are committing to support it for at least five years... https://www.openssl.org/blog/blog/2018/09/11/release111/ -Richard Narron -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
