svn commit: r506516 - head/security/openvpn

Matthias Andree mandree at FreeBSD.org
Sat Jul 13 08:31:15 UTC 2019 

Author: mandree
Date: Sat Jul 13 08:31:14 2019
New Revision: 506516
URL: https://svnweb.freebsd.org/changeset/ports/506516

Log:
  OpenVPN won't compile with LibreSSL, mark IGNORE.
  
  Upstream maintainers are massively pushing back against patches
  offered so far with valid and concrete technical reasons and unsuitability
  of the LibreSSL version API that will create a maintenance nightmare.
  (And LibreSSL abusing the OpenSSL API.)
  
  PR:		238382
  Submitted by:	pizzamig

Modified:
  head/security/openvpn/Makefile

Modified: head/security/openvpn/Makefile
==============================================================================
--- head/security/openvpn/Makefile	Sat Jul 13 08:30:05 2019	(r506515)
+++ head/security/openvpn/Makefile	Sat Jul 13 08:31:14 2019	(r506516)
@@ -41,7 +41,7 @@ OPTIONS_SINGLE=		SSL
 OPTIONS_SINGLE_SSL=	OPENSSL MBEDTLS
 PKCS11_DESC=		Use security/pkcs11-helper
 EASYRSA_DESC=		Install security/easy-rsa RSA helper package
-MBEDTLS_DESC=		SSL/TLS via mbedTLS
+MBEDTLS_DESC=		SSL/TLS via mbedTLS (lacks TLS v1.3)
 TUNNELBLICK_DESC=	Tunnelblick XOR scramble patch (READ HELP!)
 X509ALTUSERNAME_DESC=	Enable --x509-username-field (OpenSSL only)
 SMALL_DESC=		Build a smaller executable with fewer features
@@ -62,6 +62,7 @@ X509ALTUSERNAME_PREVENTS_MSG=	OpenVPN ${DISTVERSION} c
 
 OPENSSL_USES=		ssl
 OPENSSL_CONFIGURE_ON=	--with-crypto-library=openssl
+IGNORE_SSL=		libressl libressl-devel
 
 LZ4_CONFIGURE_OFF=	--disable-lz4
 
@@ -113,17 +114,6 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
 .else
 # OpenSSL
 _tlslibs=libssl libcrypto
-.endif
-
-.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
-pre-everything::
-	@${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
-	@${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
-	@${ECHO_CMD} "You may wish to change your default SSL library"
-	@${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
-.  if !(defined(PACKAGE_BUILDING) || defined(BATCH))
-	@sleep 10
-.  endif
 .endif
 
 # sanity check that we don't inherit incompatible SSL libs through,

More information about the svn-ports-all mailing list