[Bug 212149] security/strongswan incompatibility with libressl 2.4

Fri Oct 28 00:04:42 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212149

dewayne at heuristicsystems.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dewayne at heuristicsystems.co
                   |                            |m.au

--- Comment #6 from dewayne at heuristicsystems.com.au ---
(In reply to Franco Fichtner from comment #5)
I'd hoped that 5.5.1 may have fixed the problem but (on virgin systems with no
configuration settings) ...

On FreeBSD10.3Stable amd64 with libressl using gcc5
# /usr/local/libexec/ipsec/charon
00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, FreeBSD 10.3-STABLE,
amd64)
00[LIB] plugin 'openssl' failed to load:
/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol
"RSA_set0_factors"

# ldd /usr/local/lib/ipsec/plugins/libstrongswan-openssl.so
/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so:
        libcrypto.so.38 => /usr/local/lib/libcrypto.so.38 (0x801613000)
        libc.so.7 => /lib/libc.so.7 (0x800822000)

# grep LIBRESSL_VERSION_NUMBER /usr/ports/security/strongswan/*/*
/usr/ports/security/strongswan/files/patch-src_libstrongswan_plugins_openssl_openssl__plugin.c:+#if
OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)

On i386 and security/openssl and gcc5 otherwise same make.conf, we get
# /usr/local/libexec/ipsec/charon
00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, FreeBSD 10.3-STABLE,
i386)
00[KNL] unable to create PF_KEY socket
00[NET] could not open socket: Protocol not supported
... 

Looks like libstrongswan-openssl is looking for openssl internal symbols?

-- 
You are receiving this mail because:
You are the assignee for the bug.