[Bug 212149] security/strongswan: Runtime failures with LibreSSL
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Aug 25 23:11:22 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212149
--- Comment #29 from dewayne at heuristicsystems.com.au ---
(In reply to Franco Fichtner from comment #28)
Thanks Franco.
Strongswan 5.6.0 builds on my FreeBSD 11.1 Stable i386/amd64. Unfortunately on
libressl,
# /usr/local/libexec/ipsec/charon
coughs up
00[LIB] plugin 'openssl' failed to load:
/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol
"X509_get0_signature"
with libressl 2.5.5.
Sequence
-1. svnlite update --accept=tc /usr/ports
0. Rebuild all ports, strongswan failed (due to previous files/patch*)
1. remove /usr/ports/security/strongswan
2. svnlite update /usr/ports/security/strongswan
3. make -C /usr/ports/security/strongswan clean package
4. Installed the package
5. /usr/local/libexec/ipsec/charon
Plugin failed.
Applied /usr/include/openssl/opensslv.h patch (below) for
OPENSSL_VERSION_NUMBER changes and modified my make.conf to include
CFLAGS+= -DOPENSSL_IS_LIBRESSL
Same failure result.
With openssl (not libressl), strongswan 5.6.0 builds and runs.
Patch applied was restated from
https://github.com/opnsense/ports/commit/d76955f3d
#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.5"
/* These will never change */
#ifndef OPENSSL_IS_LIBRESSL
#define OPENSSL_VERSION_NUMBER 0x20000000L /* Suggested by
https://github.com/opnsense/ports/commit/d76955f3d */
#else
#define OPENSSL_VERSION_NUMBER 0x1000107fL
#endif /* OPENSSL_IS_LIBRESSL */
/* For libressl 2.5.5 this is/should be # define OPENSSL_VERSION_NUMBER
0x100020bfL */
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list