Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 25 Aug 2017 23:11:21 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 212149] security/strongswan: Runtime failures with LibreSSL
Message-ID:  <bug-212149-13-jU76HSfTlA@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-212149-13@https.bugs.freebsd.org/bugzilla/>
References:  <bug-212149-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212149

--- Comment #29 from dewayne@heuristicsystems.com.au ---
(In reply to Franco Fichtner from comment #28)
Thanks Franco.=20=20

Strongswan 5.6.0 builds on my FreeBSD 11.1 Stable i386/amd64. Unfortunately=
 on
libressl,=20
# /usr/local/libexec/ipsec/charon
coughs up=20
00[LIB] plugin 'openssl' failed to load:
/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol
"X509_get0_signature"

with libressl 2.5.5.=20=20

Sequence=20
-1. svnlite update --accept=3Dtc /usr/ports
0. Rebuild all ports, strongswan failed (due to previous files/patch*)
1. remove /usr/ports/security/strongswan
2. svnlite update /usr/ports/security/strongswan
3. make -C /usr/ports/security/strongswan clean package
4. Installed the package
5. /usr/local/libexec/ipsec/charon
Plugin failed.

Applied /usr/include/openssl/opensslv.h patch (below) for
OPENSSL_VERSION_NUMBER changes and modified my make.conf to include=20
CFLAGS+=3D -DOPENSSL_IS_LIBRESSL
Same failure result.

With openssl (not libressl), strongswan 5.6.0 builds and runs.

Patch applied was restated from=20
https://github.com/opnsense/ports/commit/d76955f3d

#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.5.5"
 /* These will never change */
#ifndef OPENSSL_IS_LIBRESSL
#define OPENSSL_VERSION_NUMBER  0x20000000L  /* Suggested by
https://github.com/opnsense/ports/commit/d76955f3d */
#else
#define OPENSSL_VERSION_NUMBER  0x1000107fL
#endif /* OPENSSL_IS_LIBRESSL */

/* For libressl 2.5.5 this is/should be # define OPENSSL_VERSION_NUMBER=20
0x100020bfL */

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-212149-13-jU76HSfTlA>