Summary: | net-misc/ntpsec: fails to detect TLSv1.3 support with libressl-3.2.1 | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jacekalex <wampir98> |
Component: | Current packages | Assignee: | Steve Arnold <nerdboy> |
Status: | RESOLVED WONTFIX | | |
Severity: | normal | CC: | blueness, jamesb.fe80, sam |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 561854 | | |

Attachments:

- /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log
- emerge --info
- net-misc:ntpsec-1.1.9:20201028-225516.log

Description
Jacekalex
2020-10-28 23:05:44 UTC
Created attachment 669029
/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log

build.log will be useful too, thanks, with emerge --info.

Created attachment 669212
emerge --info

Created attachment 669215
net-misc:ntpsec-1.1.9:20201028-225516.log

The same with dev-libs/libressl-3.2.2

from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8/build/config.log:

```
Checking for OpenSSL with TLSv1.3 support
==>
#include <openssl/tls1.h>
#ifndef TLS1_3_VERSION
#error OpenSSL must have support for TLSv1.3
#endif
int main(void) { return 0; }
<==
[1/2] Compiling build/.conf_check_aaba67a6be989f389584fb90941f5e51/test.c
['x86_64-pc-linux-gnu-gcc', '-DUNITY_EXCLUDE_FLOAT_PRINT', '-fstack-protector-all', '-Wshadow', '-Wpacked', '-Wcast-qual', '-Wmissing-declarations', '-Wdisabled-optimization', '-Wimplicit-function-declaration', '-Winvalid-pch', '-Wpointer-arith', '-Wwrite-strings', '-Winit-self', '-Wfloat-equal', '-Wformat', '-Wformat-signedness', '-Wformat-se>
err: ../../test.c:5:2: error: #error OpenSSL must have support for TLSv1.3
    5 | #error OpenSSL must have support for TLSv1.3
      | ^~~~~
from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8: Test does not build: Traceback (most recent call last):
  File "/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9/.waf3-2.0.20-36f5354d605298f6a89c09e0c7ef6c1d/waflib/Configure.py", line 335, in run_build
    bld.compile()
  File "/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9/.waf3-2.0.20-36f5354d605298f6a89c09e0c7ef6c1d/waflib/Build.py", line 176, in compile
    raise Errors.BuildError(self.producer.error)
waflib.Errors.BuildError: Build failed
 -> task in 'testprog' failed with exit status 1 (run with -v to display more information)
no
from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8: The configuration failed
```

from /usr/include/openssl/tls1.h:

```
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define TLS1_3_VERSION 0x0304
#endif
```

I think LIBRESSL_HAS_TLS1_3 is not defined.

Where and when should it be defined? In libressl or in the other packages?

I am chasing a TLS-1.3 problem in mpv with ffmpeg and libressl (libtls).

/var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h:

```
/*
 * Feature flags for LibreSSL... so you can actually tell when things
 * are enabled, rather than not being able to tell when things are
 * enabled (or possibly not yet not implemented, or removed!).
 */
/* #define LIBRESSL_HAS_TLS1_3 */
```

Should we enable it in libressl ebuild somehow?

(In reply to jospezial from comment #6)
> /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/
> opensslfeatures.h:
>
> /*
> * Feature flags for LibreSSL... so you can actually tell when things
> * are enabled, rather than not being able to tell when things are
> * enabled (or possibly not yet not implemented, or removed!).
> */
> /* #define LIBRESSL_HAS_TLS1_3 */
>
> Should we enable it in libressl ebuild somehow?

After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h and recompiling libressl the configure of net-misc/ntpsec succeeds.

```
Checking for header dns_sd.h : not found
Checking for OpenSSL with TLSv1.3 support : yes
Checking for OpenSSL != 1.1.1a : yes
Writing configuration header: : config.h
```

TLSv1.3 support is not complete or different in libressl-3.2.2.

After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h and recompiling libressl then dev-qt/qtnetwork-5.15.9999 says SSL_set_psk_use_session_callback and SSL_SESSION_is_resumable was not declared.

(In reply to jospezial from comment #8)
> TLSv1.3 support is not complete or different in libressl-3.2.2.
>
> After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in
> /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/
> opensslfeatures.h
> and recompiling libressl
> then dev-qt/qtnetwork-5.15.9999 says SSL_set_psk_use_session_callback and
> SSL_SESSION_is_resumable was not declared.

Needs to be tested again with libressl-3.3.0.

jospezial, please see this comment by Theo Buehler:
https://github.com/libressl-portable/portable/issues/228#issuecomment-736544468

It checks for the #define TLS1_3_VERSION from openssl/tls1.h

Later it checks that #define OPENSSL_VERSION_NUMBER is not 0x1010101fL in openssl/opensslv.h

And requires among others the following functions but these are not checked for at configure time:

- SSL_CTX_set_alpn_protos
- SSL_CTX_set_alpn_select_cb
- SSL_export_keying_material
- SSL_get0_alpn_selected

If libressl does not supply those it might be possible to manually compile with --disable-nts
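
Added example, not part of the bug thread or of ntpsec's build system: a small header audit showing why the `TLS1_3_VERSION` check alone is not enough, since turning the feature flag on does not make the functions listed above appear. The helper names and the sample header text are assumptions constructed for the demo; only the commented-out flag line is taken from the thread.

```python
import re

# Functions the thread lists as needed for NTS but not probed at configure time.
NTS_FUNCTIONS = ("SSL_CTX_set_alpn_protos", "SSL_CTX_set_alpn_select_cb",
                 "SSL_export_keying_material", "SSL_get0_alpn_selected")

# Constructed sample inputs. The flag line is the one quoted in the thread; the
# declarations are made up for the demo and describe no real library release.
SAMPLE_FEATURES_H = "/* #define LIBRESSL_HAS_TLS1_3 */\n"
SAMPLE_SSL_H = """
int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *p, unsigned int n);
void SSL_get0_alpn_selected(const SSL *s, const unsigned char **d, unsigned int *n);
/* int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, ...); */
"""

_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
_DEFINE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(\w+)", re.M)


def strip_comments(src):
    """Remove C comments so commented-out code is not mistaken for live code."""
    return _COMMENT.sub(" ", src)


def active_defines(src):
    """Names of macros that are actually #defined once comments are removed."""
    return set(_DEFINE.findall(strip_comments(src)))


def declared(src, names):
    """Subset of names that occur as `name(` outside comments."""
    code = strip_comments(src)
    return {n for n in names if re.search(r"\b%s\s*\(" % re.escape(n), code)}


def audit(features_h, ssl_h):
    """Combine the flag check with the function checks configure leaves out."""
    flag = "LIBRESSL_HAS_TLS1_3" in active_defines(features_h)
    missing = sorted(set(NTS_FUNCTIONS) - declared(ssl_h, NTS_FUNCTIONS))
    return {"tls13_flag": flag, "missing": missing, "nts_ok": flag and not missing}


if __name__ == "__main__":
    print("flag commented:", audit(SAMPLE_FEATURES_H, SAMPLE_SSL_H))
    patched = SAMPLE_FEATURES_H.replace("/* #define LIBRESSL_HAS_TLS1_3 */",
                                        "#define LIBRESSL_HAS_TLS1_3")
    print("flag enabled:  ", audit(patched, SAMPLE_SSL_H))
```

Text scanning is only a quick triage step; a compile-and-link probe against the installed library remains the authoritative check.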