
Bug 751634

Summary: net-misc/ntpsec: fails to detect TLSv1.3 support with libressl-3.2.1
Product: Gentoo Linux
Reporter: Jacekalex <wampir98>
Component: Current packages
Assignee: Steve Arnold <nerdboy>
Status: RESOLVED WONTFIX
Severity: normal
CC: blueness, jamesb.fe80, sam
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 561854    
Attachments: /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log
emerge --info
net-misc:ntpsec-1.1.9:20201028-225516.log

Description Jacekalex 2020-10-28 23:05:44 UTC
Ntpsec - all available versions are incompatible with Libressl-3.2.1.
Configure says:

Checking for 'libseccomp'                                       : yes 
Checking for header dns_sd.h                                    : not found 
Checking for OpenSSL with TLSv1.3 support                       : no 
The configuration failed
(complete log in /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log)
 * ERROR: net-misc/ntpsec-1.1.9::gentoo failed (configure phase):
 *   configure failed
 

Reproducible: Always
Comment 1 Jacekalex 2020-10-28 23:08:29 UTC
Created attachment 669029
/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_7/build/config.log
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-29 21:20:14 UTC
build.log will be useful too, thanks, with emerge --info.
Comment 3 Jacekalex 2020-10-29 21:45:33 UTC
Created attachment 669212
emerge --info
Comment 4 Jacekalex 2020-10-29 21:46:27 UTC
Created attachment 669215
net-misc:ntpsec-1.1.9:20201028-225516.log
Comment 5 jospezial 2020-11-05 05:12:16 UTC
The same with dev-libs/libressl-3.2.2.

from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8/build/config.log:

Checking for OpenSSL with TLSv1.3 support
==>

#include <openssl/tls1.h>

#ifndef TLS1_3_VERSION
#error OpenSSL must have support for TLSv1.3
#endif

int main(void) {
    return 0;
}

<==
[1/2] Compiling build/.conf_check_aaba67a6be989f389584fb90941f5e51/test.c

['x86_64-pc-linux-gnu-gcc', '-DUNITY_EXCLUDE_FLOAT_PRINT', '-fstack-protector-all', '-Wshadow', '-Wpacked', '-Wcast-qual', '-Wmissing-declarations', '-Wdisabled-optimization', '-Wimplicit-function-declaration', '-Winvalid-pch', '-Wpointer-arith', '-Wwrite-strings', '-Winit-self', '-Wfloat-equal', '-Wformat', '-Wformat-signedness', '-Wformat-se>
err: ../../test.c:5:2: error: #error OpenSSL must have support for TLSv1.3
    5 | #error OpenSSL must have support for TLSv1.3
      |  ^~~~~

from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8: Test does not build: Traceback (most recent call last):
  File "/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9/.waf3-2.0.20-36f5354d605298f6a89c09e0c7ef6c1d/waflib/Configure.py", line 335, in run_build
    bld.compile()
  File "/var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9/.waf3-2.0.20-36f5354d605298f6a89c09e0c7ef6c1d/waflib/Build.py", line 176, in compile
    raise Errors.BuildError(self.producer.error)
waflib.Errors.BuildError: Build failed
 -> task in 'testprog' failed with exit status 1 (run with -v to display more information)

no
from /var/tmp/portage/net-misc/ntpsec-1.1.9/work/ntpsec-1.1.9-python3_8: The configuration failed

from /usr/include/openssl/tls1.h:
#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define TLS1_3_VERSION                  0x0304
#endif

I think LIBRESSL_HAS_TLS1_3 is not defined.
Where and when should it be defined? In libressl or in the other packages?
I am chasing a TLS-1.3 problem in mpv with ffmpeg and libressl (libtls).
Comment 6 jospezial 2020-11-05 05:38:05 UTC
/var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h:

/*
 * Feature flags for LibreSSL... so you can actually tell when things
 * are enabled, rather than not being able to tell when things are
 * enabled (or possibly not yet not implemented, or removed!).
 */
/* #define LIBRESSL_HAS_TLS1_3 */

Should we enable it in libressl ebuild somehow?
Comment 7 jospezial 2020-11-05 06:14:22 UTC
(In reply to jospezial from comment #6)
> /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/
> opensslfeatures.h:
> 
> /*
>  * Feature flags for LibreSSL... so you can actually tell when things
>  * are enabled, rather than not being able to tell when things are
>  * enabled (or possibly not yet not implemented, or removed!).
>  */
> /* #define LIBRESSL_HAS_TLS1_3 */
> 
> Should we enable it in libressl ebuild somehow?

After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in
/var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h
and recompiling libressl, the configure of net-misc/ntpsec succeeds.

Checking for header dns_sd.h                                    : not found 
Checking for OpenSSL with TLSv1.3 support                       : yes 
Checking for OpenSSL != 1.1.1a                                  : yes 
Writing configuration header:                                   : config.h
Comment 8 jospezial 2020-11-08 18:27:11 UTC
TLSv1.3 support is not complete or different in libressl-3.2.2.

After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in
/var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/opensslfeatures.h
and recompiling libressl
then dev-qt/qtnetwork-5.15.9999 says SSL_set_psk_use_session_callback and SSL_SESSION_is_resumable were not declared.
Comment 9 jospezial 2020-12-02 13:33:38 UTC
(In reply to jospezial from comment #8)
> TLSv1.3 support is not complete or different in libressl-3.2.2.
> 
> After uncommenting /* #define LIBRESSL_HAS_TLS1_3 */ in
> /var/tmp/portage/dev-libs/libressl-3.2.2/work/libressl-3.2.2/include/openssl/
> opensslfeatures.h
> and recompiling libressl
> then dev-qt/qtnetwork-5.15.9999 says SSL_set_psk_use_session_callback and
> SSL_SESSION_is_resumable were not declared.

Needs to be tested again with libressl-3.3.0.
Comment 10 Stefan Strogin gentoo-dev 2020-12-02 13:37:59 UTC
jospezial, please see this comment by Theo Buehler: https://github.com/libressl-portable/portable/issues/228#issuecomment-736544468
Comment 11 James Browning 2020-12-12 21:17:58 UTC
It checks for the #define TLS1_3_VERSION from openssl/tls1.h

Later it checks that #define OPENSSL_VERSION_NUMBER is not 0x1010101fL in openssl/opensslv.h

And requires, among others, the following functions, but these are not checked for at configure time:
 - SSL_CTX_set_alpn_protos
 - SSL_CTX_set_alpn_select_cb
 - SSL_export_keying_material
 - SSL_get0_alpn_selected

If libressl does not supply those, it might be possible to manually compile with --disable-nts.
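
Added example, not part of the bug report and not ntpsec or LibreSSL code: a simplified header audit in Python that shows why the macro-only configure test answers "no" while LIBRESSL_HAS_TLS1_3 is commented out, and that also checks the functions listed in comment 11 for declarations. The header excerpts are constructed, and the names `strip_comments`, `defined_macros` and `probe` are hypothetical.

```python
import re

# Functions comment 11 lists as required by ntpsec but not probed at configure time.
REQUIRED = ("SSL_CTX_set_alpn_protos", "SSL_CTX_set_alpn_select_cb",
            "SSL_export_keying_material", "SSL_get0_alpn_selected")
# Constructed excerpts (SSL_H matches no real release; the rest follow the bug's quotes).
TLS1_H = """#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
#define TLS1_3_VERSION                  0x0304
#endif
"""
FLAG_OFF, FLAG_ON = "/* #define LIBRESSL_HAS_TLS1_3 */\n", "#define LIBRESSL_HAS_TLS1_3\n"
SSL_H = """int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *p, unsigned int n);
void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **d, unsigned int *n);
"""

def strip_comments(text):
    """Drop /* ... */ and // comments so a commented-out #define is not counted."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"//[^\n]*", " ", text)

def defined_macros(*headers):
    """Macros defined after reading the headers in order (simplified preprocessor)."""
    macros, stack = set(), []  # stack: one bool per open conditional block
    text = "\n".join(strip_comments(h) for h in headers)
    for kind, rest in re.findall(r"^[ \t]*#[ \t]*(\w+)[ \t]*(.*)$", text, flags=re.M):
        name = re.match(r"\w*", rest).group(0)
        if kind in ("ifdef", "ifndef"):
            stack.append((name in macros) == (kind == "ifdef"))
        elif kind == "if":
            # Only "defined(A) || defined(B)" is evaluated; other #if forms count as false.
            names = re.findall(r"defined\s*\(\s*(\w+)\s*\)", rest)
            leftover = re.sub(r"defined\s*\(\s*\w+\s*\)|\|\||\s", "", rest)
            stack.append(not leftover and any(n in macros for n in names))
        elif kind == "else" and stack:
            stack[-1] = not stack[-1]
        elif kind == "endif" and stack:
            stack.pop()
        elif kind == "define" and all(stack):
            macros.add(name)
    return macros

def probe(features_h, tls1_h, ssl_h):
    """Return (TLS1_3_VERSION defined?, required functions with no declaration)."""
    decls = strip_comments(ssl_h)
    missing = [f for f in REQUIRED if not re.search(r"\b%s\s*\(" % f, decls)]
    return "TLS1_3_VERSION" in defined_macros(features_h, tls1_h), missing

if __name__ == "__main__":
    for flag in (FLAG_OFF, FLAG_ON):
        print(flag.strip(), "->", probe(flag, TLS1_H, SSL_H))
```

With the flag enabled the macro test passes, yet the constructed ssl.h still lacks two of the required declarations, which is the gap a macro-only configure check cannot see.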