240396 – net-mgmt/nrpe3: Fails to start when built with libressl (Error: Could not set SSL/TLS cipher list)

Bug 240396 - net-mgmt/nrpe3: Fails to start when built with libressl (Error: Could not set SSL/TLS cipher list)

Summary: net-mgmt/nrpe3: Fails to start when built with libressl (Error: Could not set...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Niclas Zeising

URL:
Keywords:	needs-patch, needs-qa

Depends on:
Blocks:

Reported:	2019-09-07 21:25 UTC by korsani
Modified:	2019-10-07 18:54 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (zeising) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description korsani 2019-09-07 21:25:47 UTC

I compiled nrpe3 with libressl. Here is my make.conf :

DEFAULT_VERSIONS+=ssl=libressl

and securiy/libressl installed

nrpe3 compiles, but failed to start :
/usr/local/etc/rc.d/nrpe3: WARNING: failed to start nrpe3

In the logs :

nrpe[1885] Error: Could not set SSL/TLS cipher list

Compiling with ssl enabled like this, whilst libressl is installed, make everything ok :

DEFAULT_VERSIONS+=ssl=base

Comment 1 Niclas Zeising freebsd_committer

2019-09-08 13:52:31 UTC

Hi!
I'm not sure this is a bug. nrpe isn't made to compile with libressl, and this isn't the default FreeBSD configuration.

Comment 2 korsani 2019-09-08 17:12:12 UTC

Hi,

So... maybe put a disclaimer saying that building with libressl is not supported ?

Comment 3 commit-hook freebsd_committer

2019-09-09 15:09:44 UTC

A commit references this bug:

Author: zeising
Date: Mon Sep  9 15:08:51 UTC 2019
New revision: 511634
URL: https://svnweb.freebsd.org/changeset/ports/511634

Log:
  net-mgmt/nrpe3: Mark broken with libressl

  nrpe3 runtime is broken when using libressl, mark it as broken.

  PR:		240396
  Reported by:	korsani@free.fr

Changes:
  head/net-mgmt/nrpe3/Makefile

Comment 4 Niclas Zeising freebsd_committer

2019-09-09 15:10:21 UTC

I've marked the port broken when trying to compile it with libressl.

Comment 5 Adam McDougall 2019-09-09 15:19:31 UTC

Does adding this to your nrpe.cfg make it work?

ssl_cipher_list=ALL:!MD5:@STRENGTH

Comment 6 korsani 2019-09-10 17:04:31 UTC

(In reply to ebay from comment #5)

Yes, it does !

Comment 7 Adam McDougall 2019-10-05 18:38:06 UTC

This issue can be solved from the config file, the port should not be marked broken at compile time with LibreSSL. Please revert?

Comment 8 commit-hook freebsd_committer

2019-10-07 18:54:19 UTC

A commit references this bug:

Author: zeising
Date: Mon Oct  7 18:53:38 UTC 2019
New revision: 513989
URL: https://svnweb.freebsd.org/changeset/ports/513989

Log:
  net-mgmt/nrpe3: Allow using libressl

  Apparently, nrpe3 works with libressl if the configuration is changed
  slightly, so remove BROKEN.
  This reverts r511634.

  PR:		240396

Changes:
  head/net-mgmt/nrpe3/Makefile