Ntpsec - all available version is incompatible with Libressl-3.2.1. Configure says: Checking for 'libseccomp' : yes Checking for header dns_sd.h : not found Checking for OpenSSL with TLSv1.3 support : no The configuration failed (complete log in /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log) * ERROR: net-misc/ntpsec-1.1.9::gentoo failed (configure phase): * configure failed Reproducible: Always
Created attachment 669029 [details] /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log
build.log will be useful too, thanks, with emerge --info.
Created attachment 669212 [details] emerge --info
Created attachment 669215 [details] net-misc:ntpsec-1.1.9:20201028-225516.log
the same with dev-libs/libressl-3.2.2 from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8/build/config.log: Checking for OpenSSL with TLSv1.3 support ==> #include <openssl/tls1.h> #ifndef TLS1_3_VERSION #error OpenSSL must have support for TLSv1.3 #endif int main(void) { return 0; } <== [1/2] Compiling build/.conf_check_aaba67a6be989f389584fb90941f5e51/test.c ['x86_64-pc-linux-gnu-gcc', '-DUNITY_EXCLUDE_FLOAT_PRINT', '-fstack-protector-all', '-Wshadow', '-Wpacked', '-Wcast-qual', '-Wmissing-declarations', '-Wdisabled-optimization', '-Wimplicit-function-declaration', '-Winvalid-pch', '-Wpointer-arith', '-Wwrite-strings', '-Winit-self', '-Wfloat-equal', '-Wformat', '-Wformat-signedness', '-Wformat-se> err: ../../test.c:5:2: error: #error OpenSSL must have support for TLSv1.3 5 | #error OpenSSL must have support for TLSv1.3 | ^~~~~ from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8: Test does not build: Traceback (most recent call last): File "/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9/.waf3-2.0.20-36f5354d605298f6a89c09e0c7ef6c1d/waflib/Configure.py", line 335, in run_build bld.compile() File "/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9/.waf3-2.0.20-36f5354d605298f6a89c09e0c7ef6c1d/waflib/Build.py", line 176, in compile raise Errors.BuildError(self.producer.error) waflib.Errors.BuildError: Build failed -> task in 'testprog' failed with exit status 1 (run with -v to display more information) no from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8: The configuration failed from /usr/include/openssl/tls1.h: #if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) #define TLS1_3_VERSION 0x0304 #endif I think LIBRESSL_HAS_TLS1_3 is not defined. Where and when should it be defined? In libressl or in the other packages? I am chasing a TLS-1.3 problem in mpv with ffmpeg and libressl (libtls).
/var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h: /* * Feature flags for LibreSSL... so you can actually tell when things * are enabled, rather than not being able to tell when things are * enabled (or possibly not yet not implemented, or removed!). */ /* #define LIBRESSL_HAS_TLS1_3 */ Should we enable it in libressl ebuild somehow?
(In reply to jospezial from comment #6) > /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/ > opensslfeatures.h: > > /* > * Feature flags for LibreSSL... so you can actually tell when things > * are enabled, rather than not being able to tell when things are > * enabled (or possibly not yet not implemented, or removed!). > */ > /* #define LIBRESSL_HAS_TLS1_3 */ > > Should we enable it in libressl ebuild somehow? After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h and recompiling libressl the configure of net-misc/ntpsec succeeds. Checking for header dns_sd.h : not found Checking for OpenSSL with TLSv1.3 support : yes Checking for OpenSSL != 1.1.1a : yes Writing configuration header: : config.h
TLSv1.3 support is not complete or different in libressl-3.2.2. After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h and recompiling libressl then dev-qt/qtnetwork-5.15.9999 says SSL_set_psk_use_session_callback and SSL_SESSION_is_resumable was not declared.
(In reply to jospezial from comment #8) > TLSv1.3 support is not complete or different in libressl-3.2.2. > > After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in > /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/ > opensslfeatures.h > and recompiling libressl > then dev-qt/qtnetwork-5.15.9999 says SSL_set_psk_use_session_callback and > SSL_SESSION_is_resumable was not declared. Needs to be tested again with libressl-3.3.0 .
jospezial, please see this comment by Theo Buehler: https://github.com/libressl-portable/portable/issues/228#issuecomment-736544468
It checks for the #define TLS1_3_VERSION from openssl/tls1.h Later it checks that #define OPENSSL_VERSION_NUMBER is not 0x1010101fL in openssl/opensslv.h And requires among others the following functions but these are not checked for at configure time: - SSL_CTX_set_alpn_protos - SSL_CTX_set_alpn_select_cb - SSL_export_keying_material - SSL_get0_alpn_selected If libressl does not supply those it might be possible to manually compile with --disable-nts
