svn commit: r506516 - head/security/openvpn
Matthias Andree
mandree at FreeBSD.org
Sat Jul 13 08:31:15 UTC 2019
Author: mandree
Date: Sat Jul 13 08:31:14 2019
New Revision: 506516
URL: https://svnweb.freebsd.org/changeset/ports/506516
Log:
OpenVPN won't compile with LibreSSL, mark IGNORE.
Upstream maintainers are massively pushing back against patches
offered so far with valid and concrete technical reasons and unsuitability
of the LibreSSL version API that will create a maintenance nightmare.
(And LibreSSL abusing the OpenSSL API.)
PR: 238382
Submitted by: pizzamig
Modified:
head/security/openvpn/Makefile
Modified: head/security/openvpn/Makefile
==============================================================================
--- head/security/openvpn/Makefile Sat Jul 13 08:30:05 2019 (r506515)
+++ head/security/openvpn/Makefile Sat Jul 13 08:31:14 2019 (r506516)
@@ -41,7 +41,7 @@ OPTIONS_SINGLE= SSL
OPTIONS_SINGLE_SSL= OPENSSL MBEDTLS
PKCS11_DESC= Use security/pkcs11-helper
EASYRSA_DESC= Install security/easy-rsa RSA helper package
-MBEDTLS_DESC= SSL/TLS via mbedTLS
+MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3)
TUNNELBLICK_DESC= Tunnelblick XOR scramble patch (READ HELP!)
X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only)
SMALL_DESC= Build a smaller executable with fewer features
@@ -62,6 +62,7 @@ X509ALTUSERNAME_PREVENTS_MSG= OpenVPN ${DISTVERSION} c
OPENSSL_USES= ssl
OPENSSL_CONFIGURE_ON= --with-crypto-library=openssl
+IGNORE_SSL= libressl libressl-devel
LZ4_CONFIGURE_OFF= --disable-lz4
@@ -113,17 +114,6 @@ _tlslibs=libmbedtls libmbedx509 libmbedcrypto
.else
# OpenSSL
_tlslibs=libssl libcrypto
-.endif
-
-.if ${SSL_DEFAULT:Mlibressl*} && empty(PORT_OPTIONS:MMBEDTLS)
-pre-everything::
- @${ECHO_CMD} "WARNING: OpenVPN does not officially support LibreSSL."
- @${ECHO_CMD} "If things break, rebuild with OpenSSL or mbedTLS."
- @${ECHO_CMD} "You may wish to change your default SSL library"
- @${ECHO_CMD} "and press Ctrl+C within the next 10 seconds to abort."
-. if !(defined(PACKAGE_BUILDING) || defined(BATCH))
- @sleep 10
-. endif
.endif
# sanity check that we don't inherit incompatible SSL libs through,
More information about the svn-ports-all
mailing list