Created attachment 523556 [details, diff] Patch out bad substitute functions for libressl net-vpn/open-vpn-2.4.5 fails when configured to build against >=libressl-2.6.4: > In file included from crypto_openssl.c:44:0: > openssl_compat.h:717:1: error: conflicting types for ‘SSL_CTX_set_min_proto_version’ > SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > In file included from openssl_compat.h:45:0, > from crypto_openssl.c:44: > /usr/include/openssl/ssl.h:1175:5: note: previous declaration of ‘SSL_CTX_set_min_proto_version’ was here > int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > In file included from crypto_openssl.c:44:0: > openssl_compat.h:746:1: error: conflicting types for ‘SSL_CTX_set_max_proto_version’ > SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > In file included from openssl_compat.h:45:0, > from crypto_openssl.c:44: > /usr/include/openssl/ssl.h:1176:5: note: previous declaration of ‘SSL_CTX_set_max_proto_version’ was here > int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version); > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > make[3]: *** [Makefile:718: crypto_openssl.o] Error 1 Given the package claims support for libressl, it shouldn't fail like this. It appears that openvpn is making the huge assumption that the functions like these are always defines to other functions, whereas in libressl (at least >=2.6.4, which is what I have installed) these are not. Compare libressl's ssl.h to openssl's ssl.h: Libressl: > int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version); > int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version); Openssl: > #define SSL_CTX_set_min_proto_version(ctx, version) \ > SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) > #define SSL_CTX_set_max_proto_version(ctx, version) \ > SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) Openvpn is testing if these exist with ifdef, which clearly won't work against libressl. I've attached a patch that works, but may not be the best solution. I'm also going to raise the issue upstream on openvpn.
https://community.openvpn.net/openvpn/ticket/1038 raised upstream, but given they officially don't support libressl, I'm not sure if anything will happen.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5788ebc0a13f19bb93a49f2f9b8d10902cb0fcc1 Fixed.