#28 Add LibreSSL compatibility

Closed
opened 6 months ago by blu256 · 14 comments
blu256 commented 6 months ago

Basic information

  • TDE version: R14.0.6
  • Distribution: Void Linux
  • Hardware: amd64
  • SL/Wishlist

Description

Some distributions (like Void Linux) now provide LibreSSL instead of OpenSSL as a default. LibreSSL is OpenBSD’s fork of OpenSSL 1.0.1b. TDElibs (especially KSSL in TDEIO) fails to compile.

excerpt from stdout: https://pastebin.com/37QfJMYc

Steps to reproduce

  1. Fetch the source code for tdelibs (R14.0.6)
  2. Create out-of-source build directory and configure with cmake
  3. Run ‘make’

Screenshots

<!-- This is a comment. Please fill in the required fields below. The comments provide instructions on how to do so. Note: You do not need to remove comments. --> ## Basic information - TDE version: R14.0.6 <!-- such as R14.0.6 - see tde-config -v --> - Distribution: Void Linux <!-- such as Debian Stretch - see lsb_release -sd --> - Hardware: amd64 <!-- amd64 / i386 / armhf / ... --> <!-- Use SL/* labels to set the severity level. Please do not set a milestone. --> - SL/Wishlist ## Description Some distributions (like Void Linux) now provide LibreSSL instead of OpenSSL as a default. LibreSSL is OpenBSD's fork of OpenSSL 1.0.1b. TDElibs (especially KSSL in TDEIO) fails to compile. excerpt from stdout: https://pastebin.com/37QfJMYc ## Steps to reproduce 1. Fetch the source code for tdelibs (R14.0.6) 2. Create out-of-source build directory and configure with cmake 3. Run 'make' ## Screenshots <!-- If it seems useful, please provide provide one or more screenshots. -->
SlavekB commented 6 months ago
Owner

Please, what is the output from the CMake configuration that is related to SSL library detection?

Please, what is the output from the CMake configuration that is related to SSL library detection?
blu256 commented 6 months ago
Poster

stdout during configuration only mentions OpenSSL once:

-- Checking for one of the modules ‘openssl’

CMakeCache.txt contains the following: https://pastebin.com/n4kfEKH3

BTW, LibreSSL does provide some headers in /usr/include/openssl. I have LibreSSL 2.8.3 and in opensslv.h (which is imported in kopenssl.h) the macro which defines OpenSSL version number contains the value 0x20000000L: https://pastebin.com/btthU22U

I think, with LibreSSL being a fork of OpenSSL 1.0.1b, that it is not compatible with some of the changes that newer versions brought about; though, OPENSSL_VERSION_NUMBER being > 0x10100000L, the compatibility checks in tdeio/kssl/kopenssl.h fail. I might as well be wrong. I’m checking this right now and if I have results, I’ll report back.

stdout during configuration only mentions OpenSSL once: > -- Checking for one of the modules 'openssl' CMakeCache.txt contains the following: https://pastebin.com/n4kfEKH3 BTW, LibreSSL _does_ provide some headers in /usr/include/openssl. I have LibreSSL 2.8.3 and in opensslv.h (which is imported in kopenssl.h) the macro which defines OpenSSL version number contains the value 0x20000000L: https://pastebin.com/btthU22U I think, with LibreSSL being a fork of OpenSSL _1.0.1b_, that it is not compatible with some of the changes that newer versions brought about; though, OPENSSL_VERSION_NUMBER being > 0x10100000L, the compatibility checks in tdeio/kssl/kopenssl.h fail. I might as well be wrong. I'm checking this right now and if I have results, I'll report back.
blu256 commented 6 months ago
Poster

I was able to compile tdelibs making some changes to tdeio/kssl/kopenssl.h and tdeeio/kssl/ksslcertificate.cc (some #ifndef LIBRESSL_VERSION_NUMBER’s to check if the SSL flavour is LibreSSL)

I was able to compile tdelibs making some changes to tdeio/kssl/kopenssl.h and tdeeio/kssl/ksslcertificate.cc (some #ifndef LIBRESSL_VERSION_NUMBER's to check if the SSL flavour is LibreSSL)
blu256 commented 6 months ago
Poster

My changes as a patch file: https://pastebin.com/e3mPVc1p

My changes as a patch file: https://pastebin.com/e3mPVc1p
MicheleC commented 6 months ago
Owner

Hi Blu, thanks for the good work. Rather than posting a patch on pastebin, could you create a branch and a pull request here in gitea? That is the main advantage of using gitea, moreover authorship of the patch would be maintained automatically.
The wiki guide on TGW should provide some help on how to create a PR and if you need further help, just ask here.

Hi Blu, thanks for the good work. Rather than posting a patch on pastebin, could you create a branch and a pull request here in gitea? That is the main advantage of using gitea, moreover authorship of the patch would be maintained automatically.<br> The wiki guide on TGW should provide some help on how to create a PR and if you need further help, just ask here.
MicheleC commented 6 months ago
Owner

@blu256: I have added you to the contributor group, so you can now create PRs :smiley:

Don’t forget to sign-off your commit with the -s flag as per DCO.

@blu256: I have added you to the contributor group, so you can now create PRs :smiley: Don't forget to sign-off your commit with the -s flag as per DCO.
blu256 commented 6 months ago
Poster

Ok, done.

Ok, done.
SlavekB added a new dependency 6 months ago
MicheleC commented 6 months ago
Owner

Thanks a lot and keep up the good work :smile:

Thanks a lot and keep up the good work :smile:
MicheleC added this to the R14.0.7 release milestone 6 months ago
SlavekB commented 6 months ago
Owner

@blu256, thank you for your excellent cooperation.

@blu256, thank you for your excellent cooperation.
MicheleC commented 6 months ago
Owner

Keep up the good work Philippe :smile:

Keep up the good work Philippe :smile:
StefG commented 2 months ago

Hello,

there’s a typo in the patch for ksslcertificate.cc which breaks compilation: you have written LIBERSSL_VERSION_NUMBER instead of LIBRESSL_VERSION_NUMBER

Hello, there's a typo in the patch for ksslcertificate.cc which breaks compilation: you have written LIBERSSL_VERSION_NUMBER instead of LIBRESSL_VERSION_NUMBER
MicheleC commented 2 months ago
Owner

Thanks Stef. This has now been fixed. Could you please double check and let us know if ok?

Thanks Stef. This has now been fixed. Could you please double check and let us know if ok?
StefG commented 2 months ago

I can’t really do it. I was compiling Release 14.0.6 when I met the LibreSSL acceptance problem, then I found this patch and just copied-pasted the 3 relevant lines in the kopenssl.h and ksslcertificate.cc from 14.0.6, and it wouldn’t compile because of the typo. Once corrected, it built OK.

So I can say it compiles with 14.0.6 (I can’t say it works, since I haven’t finished building the whole environment, but at least it builds OK), but I can’t test the development version (I would need to recompile all dependencies with development versions).

Sorry.

But proofreading this 2 letters change seems fine ;-)

I can't really do it. I was compiling Release 14.0.6 when I met the LibreSSL acceptance problem, then I found this patch and just copied-pasted the 3 relevant lines in the kopenssl.h and ksslcertificate.cc from 14.0.6, and it wouldn't compile because of the typo. Once corrected, it built OK. So I can say it compiles with 14.0.6 (I can't say it works, since I haven't finished building the whole environment, but at least it builds OK), but I can't test the development version (I would need to recompile all dependencies with development versions). Sorry. But proofreading this 2 letters change seems fine ;-)
MicheleC commented 2 months ago
Owner

no problem. if you ever come around the same issue, just let us know. Thanks for poiting out the typo :+1:

no problem. if you ever come around the same issue, just let us know. Thanks for poiting out the typo :+1:
Sign in to join this conversation.
No Milestone
No Assignees
4 Participants
Due Date

No due date set.

Loading…
Cancel
Save
There is no content yet.