Bug 650266 - net-vpn/openvpn-2.4.5 USE=libressl - In file included from crypto_openssl.c:44:0: openssl_compat.h:717:1: error: conflicting types for ‘SSL_CTX_set_min_proto_version’
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Patrick McLean
Keywords: PATCH
Reported: 2018-03-12 10:47 UTC by faminebadger
Modified: 2018-04-16 17:32 UTC (History)

Attachments
Patch out bad substitute functions for libressl (libressl.patch,812 bytes, patch)
2018-03-12 10:47 UTC, faminebadger

Description faminebadger 2018-03-12 10:47:06 UTC
Created attachment 523556
Patch out bad substitute functions for libressl

net-vpn/openvpn-2.4.5 fails when configured to build against >=libressl-2.6.4:

> In file included from crypto_openssl.c:44:0:
> openssl_compat.h:717:1: error: conflicting types for ‘SSL_CTX_set_min_proto_version’
>  SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
>  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from openssl_compat.h:45:0,
>                  from crypto_openssl.c:44:
> /usr/include/openssl/ssl.h:1175:5: note: previous declaration of ‘SSL_CTX_set_min_proto_version’ was here
>  int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from crypto_openssl.c:44:0:
> openssl_compat.h:746:1: error: conflicting types for ‘SSL_CTX_set_max_proto_version’
>  SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
>  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from openssl_compat.h:45:0,
>                  from crypto_openssl.c:44:
> /usr/include/openssl/ssl.h:1176:5: note: previous declaration of ‘SSL_CTX_set_max_proto_version’ was here
>  int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
>      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> make[3]: *** [Makefile:718: crypto_openssl.o] Error 1

Given the package claims support for libressl, it shouldn't fail like this.

It appears that openvpn is making the huge assumption that functions like these are always defines to other functions, whereas in libressl (at least >=2.6.4, which is what I have installed) they are not.

Compare libressl's ssl.h to openssl's ssl.h:

Libressl:
> int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
> int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);

Openssl:
> #define SSL_CTX_set_min_proto_version(ctx, version) \
>         SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
> #define SSL_CTX_set_max_proto_version(ctx, version) \
>         SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)

Openvpn is testing if these exist with ifdef, which clearly won't work against libressl.

I've attached a patch that works, but may not be the best solution.  I'm also going to raise the issue upstream on openvpn.
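
The detection problem described in this report, as an added example that is not part of the original report, the attached patch, or OpenVPN's code: a preprocessor test sees an API that is a macro but not one that is a real function, so a compat shim needs a second guard. All `DEMO_*` names and the `HAVE_DEMO_CTX_SET_MIN_PROTO_VERSION` macro are hypothetical stand-ins, and the value 0x0303 is a constructed sample.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for a TLS context; not an OpenSSL or LibreSSL type. */
typedef struct { long min_ver; } DEMO_CTX;

/* "Library header" in the two styles quoted in the report. The default is the
 * LibreSSL-like real function; -DDEMO_MACRO_STYLE selects the macro form. */
#ifdef DEMO_MACRO_STYLE
static long DEMO_CTX_ctrl(DEMO_CTX *ctx, int cmd, long larg, void *parg)
{ (void)cmd; (void)parg; ctx->min_ver = larg; return 1; }
#define DEMO_CTX_set_min_proto_version(ctx, v) DEMO_CTX_ctrl(ctx, 1, v, NULL)
#else
static int DEMO_CTX_set_min_proto_version(DEMO_CTX *ctx, uint16_t version)
{ ctx->min_ver = version; return 1; }
/* Assumption: stands in for a configure-time result, the kind of macro
 * autoconf's AC_CHECK_FUNCS defines after compiling and linking a probe. */
#define HAVE_DEMO_CTX_SET_MIN_PROTO_VERSION 1
#endif

/* What a preprocessor-only probe concludes about the API. */
int ifdef_probe_finds_api(void)
{
#ifdef DEMO_CTX_set_min_proto_version
    return 1;
#else
    return 0; /* a real function declaration is invisible to #ifdef */
#endif
}

/* Compat shim. Guarding it with the #ifdef test alone would redefine the
 * function above with a different parameter type: "conflicting types". */
#if !defined(DEMO_CTX_set_min_proto_version) && \
    !defined(HAVE_DEMO_CTX_SET_MIN_PROTO_VERSION)
static inline int DEMO_CTX_set_min_proto_version(DEMO_CTX *ctx, long v)
{ ctx->min_ver = v; return 1; }
#endif

/* Caller code is the same whichever header style is in use. */
long apply_min_version(uint16_t wanted)
{
    DEMO_CTX ctx = { 0 };
    if (!DEMO_CTX_set_min_proto_version(&ctx, wanted))
        return -1;
    return ctx.min_ver;
}

int main(void) { return apply_min_version(0x0303) == 0x0303 ? 0 : 1; }
```
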
Comment 1 faminebadger 2018-03-12 11:04:09 UTC
https://community.openvpn.net/openvpn/ticket/1038 raised upstream, but given they officially don't support libressl, I'm not sure if anything will happen.