libtool: compile: x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -DLOCALEDIR=\"/usr/share/locale\" -Wall -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-unused-parameter -Werror=pointer-to-int-cast -Wdeclaration-after-statement -Werror-implicit-function-declaration -Wformat-nonliteral -Wformat-security -Winit-self -Wmissing-declarations -Wmissing-include-dirs -Wnested-externs -Wpointer-arith -Wwrite-strings -I/usr/include/libxml2 -O2 -pipe -march=native -c openssl-dtls.c -fPIC -DPIC -o .libs/libopenconnect_la-openssl-dtls.o openssl-dtls.c: In function ‘start_dtls_handshake’: openssl-dtls.c:481:12: error: implicit declaration of function ‘SSL_CIPHER_find’; did you mean ‘sk_SSL_CIPHER_find’? [-Werror=implicit-function-declaration] SSL_CIPHER_find(dtls_ssl, cs), ^~~~~~~~~~~~~~~ sk_SSL_CIPHER_find ------------------------------------------------------------------- This is an unstable amd64 chroot image at a tinderbox (==build bot) name: 17.0_libressl_20190113-072420 ------------------------------------------------------------------- gcc-config -l: [1] x86_64-pc-linux-gnu-7.3.1 [2] x86_64-pc-linux-gnu-8.2.0 * Available Python interpreters, in order of preference: [1] python3.7 [2] python3.6 [3] python2.7 (fallback) Available Ruby profiles: [1] ruby24 (with Rubygems) * [2] ruby25 (with Rubygems) [3] ruby26 (with Rubygems) Available Rust versions: [1] rust-1.32.0 [2] rust-bin-1.32.0 * java-config: The following VMs are available for generation-2: emerge -qpvO net-vpn/openconnect [ebuild U ] net-vpn/openconnect-8.02 [7.08-r1] USE="libressl nls -doc -gnutls -gssapi -libproxy -lz4 -smartcard -static-libs -stoken (-java%)"
Created attachment 562056 [details] emerge-info.txt
Created attachment 562058 [details] emerge-history.txt
Created attachment 562060 [details] environment
Created attachment 562062 [details] etc.portage.tbz2
Created attachment 562064 [details] logs.tbz2
Created attachment 562066 [details] net-vpn:openconnect-8.02:20190118-192947.log
Created attachment 562068 [details] temp.tbz2
builds fine with gcc-8.3.0 and libressl-2.8.3
It does not with USE="-gnutls libressl". openssl-esp.c:40:25: error: static declaration of ‘HMAC_CTX_new’ follows non-static declaration static inline HMAC_CTX *HMAC_CTX_new(void) ^~~~~~~~~~~~ In file included from /usr/include/openssl/ssl.h:149, from openconnect-internal.h:45, from openssl-esp.c:25: /usr/include/openssl/hmac.h:86:11: note: previous declaration of ‘HMAC_CTX_new’ was here HMAC_CTX *HMAC_CTX_new(void); ^~~~~~~~~~~~ make[1]: *** [Makefile:1100: libopenconnect_la-openssl-esp.lo] Error If you build it with USE="libressl" it nevertheless builds with "gnutls", because of "+gnutls".
P.S. LibreSSL 2.8.3, openconnect 8.02.
(In reply to Stefan Strogin from comment #10) How about openconnect-8.03?
I sent a patch for this along with another fix for LibreSSL upstream: https://lists.infradead.org/pipermail/openconnect-devel/2019-August/005394.html https://lists.infradead.org/pipermail/openconnect-devel/2019-August/005395.html
(In reply to Philipp Ammann from comment #12) > I sent a patch for this along with another fix for LibreSSL upstream: > > https://lists.infradead.org/pipermail/openconnect-devel/2019-August/005394. > html > https://lists.infradead.org/pipermail/openconnect-devel/2019-August/005395. > html Works with 8.03, thanks. However if I try to build openconnect-8.04 (not bumped yet) it fails with openssl-dtls.c: In function ‘start_dtls_handshake’: openssl-dtls.c:337:13: error: ‘DTLS1_2_VERSION’ undeclared (first use in this function); did you mean ‘TLS1_2_VERSION’? 337 | dtlsver = DTLS1_2_VERSION; | ^~~~~~~~~~~~~~~ | TLS1_2_VERSION
Unfortunately LibreSSL does not support DTLS v1.2. autoconf tries to check DTLS v1.2 support, and enables it wrongly with LibreSSL.
openconnect-8.02 will be removed soon.