/usr/portage/net-misc/openvpn/openvpn-2.4.0.ebuild contains the following line: $(usex mbedtls 'with-crypto-library' 'mbedtls' '' '') \ My /etc/portage/package.use contains: net-misc/openvpn -pam examples mbedtls When performing emerge of openvpn this then leads to the following configure step: >>> Configuring source in /var/tmp/portage/net-misc/openvpn-2.4.0/work/openvpn-2.4.0 ... * econf: updating openvpn-2.4.0/config.sub with /usr/share/gnuconfig/config.sub * econf: updating openvpn-2.4.0/config.guess with /usr/share/gnuconfig/config.guess ./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --docdir=/usr/share/doc/openvpn-2.4.0 --htmldir=/usr/share/doc/openvpn-2.4.0/html --libdir=/usr/lib64 --with-plugindir=//usr/lib64/openvpn with-crypto-library --disable-async-push --enable-crypto --disable-lz4 --enable-lzo --disable-pkcs11 --enable-plugins --enable-iproute2 --disable-plugin-auth-pam --disable-plugin-down-root --disable-tests --disable-systemd Note the bare string "with-crypto-library". I believe this should say "--with-crypto-library=mbedtls". As a quick and dirty fix I made an overlay ebuild with this modified line: $(usex mbedtls '--with-crypto-library=mbedtls' '' '' '') \ As I'm more of a gentoo user than a developer, I don't know if there's a more elegant way of writing the above. Anyway the resulting compile works, and the mbedtls libraries are used.
Just to clarify that the outcome of this bug, with an unmodified ebuild, is that the compile goes ahead, the binaries are built but the daemon that runs announces to syslog that it is using OpenSSL. OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 13 2017 In other words, the USE flag is ignored. When the configure line is corrected, and it's recompiled, the daemon reports "mbed TLS" as expected. OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (mbed TLS)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 13 2017
commit 710355ef28028341349d7811cc631c7588c7ee55 Author: Manuel Rüger <mrueg@gentoo.org> Date: Tue Jan 24 16:23:28 2017 +0100 net-misc/openvpn: Fix USE=mbedtls Thanks to Chris Box Gentoo-Bug: #605886 Package-Manager: Portage-2.3.3, Repoman-2.3.1