> checking LibreSSL header version... 1010008f (OpenSSL 1.1.0h 27 Mar 2018)
> checking LibreSSL library version... 1010008f (OpenSSL 1.1.0h 27 Mar 2018)
> checking whether LibreSSL's headers match the library... no
> configure: error: Your LibreSSL headers do not match your library. Check config.log for details.

During BSDCan 2018 the intention to update OpenSSL in base to the 1.1.x branch was documented. The intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released.

Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/opensmtpd-5.9.2p1_6,1.log
OpenSSL 1.1 is still not officially supported by the OpenSMTPd author, but it is promised to be done in the next major release :(
We better mark it broken then until it's fixed.
Recent failure log: http://package18.nyi.freebsd.org/data/headamd64PR231931-default/2018-10-04_07h49m12s/logs/errors/opensmtpd-5.9.2p1_6,1.log
Unfortunately, after marking this BROKEN in ports r484257, this refuses to build even for those of us using ssl=libressl{,-devel}. Not sure if there's a good way to except these cases, however.
According to https://github.com/OpenSMTPD/OpenSMTPD/issues/738#issuecomment-435335496 OpenSSL 1.1.x will not be officially supported.
Would it not be possible to do like OpenNTPD does and just statically link against libressl? I'm no expert, but just wondering.

From the openntpd Makefile:

# Requires libtls from LibreSSL
.if ${SSL_DEFAULT:Mlibressl*}
CPPFLAGS+= -I${OPENSSLINC}
LDFLAGS+= -L${OPENSSLLIB}
.else # SSL_DEFAULT
BUILD_DEPENDS+= ${NONEXISTENT}:security/libressl:stage
CPPFLAGS+= -I${WRKDIR}/libressl/include
LDFLAGS+= -L${WRKDIR}/libressl/lib
(In reply to Henrik Hudson from comment #6) This trick will not work because of libevent which is linked with base openssl by default
Can we please at least unbreak for those who use libressl as a default? This works for me (tm): Index: Makefile =================================================================== --- Makefile (revision 487802) +++ Makefile (working copy) @@ -60,7 +60,9 @@ .include <bsd.port.pre.mk> -.if ${OPSYS} == FreeBSD && ${OSVERSION} > 1200084 +.if ${OPSYS} == FreeBSD && \ + ((${OSVERSION} > 1200084 && ${SSL_DEFAULT} == "base") || \ + (${SSL_DEFAULT} == "openssl111")) BROKEN= Incompatible with Openssl 1.1.x yet .endif
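Review bot: the last clause of the new condition, (${SSL_DEFAULT} == "openssl111"), tests for one exact value, so a build whose SSL_DEFAULT names any other OpenSSL 1.1.x provider is not marked BROKEN and will only fail later, at configure time. Since the BROKEN text describes the incompatibility as being with OpenSSL 1.1.x in general, consider listing every 1.1.x provider in this clause or matching by pattern, the way the openntpd excerpt earlier in the thread does with ${SSL_DEFAULT:Mlibressl*}. As a style point, the unchanged BROKEN line would read better as "Incompatible with OpenSSL 1.1.x".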
Here's my build log: https://gahr.ch/poudriere/logs/bulk/12amd64-stable/latest/logs/opensmtpd-5.9.2p1_6,1.log
(In reply to Pietro Cerutti from comment #8) Please attach your proposed change as an attachment with maintainer-approval ? <maintainer-email>. That way maintainer timeouts can apply.
Apologies - I forgot to track this properly (or was I on vacation?). My patch was committed by fluffy@ as rr488057 on 12/22/18.
Well, actually this remains open. My patch fixes the build with LibreSSL. OpenSSL 1.1 is still broken.
Hi, is there any plan to resolve the issue soon? Sacha
(In reply to Sacha from comment #13) As mentioned above, OpenSMTPd developers only target LibreSSL and are not interested in maintaining compatibility with OpenSSL 1.1 and above and I doubt anyone here has the time and will to maintain compatibility with OpenSSL by creating patches for that purpose. You *have* to use LibreSSL if you want OpenSMTPd.
(In reply to Kamigishi Rei from comment #14) It was discussed relatively recently on the OpenSMTPd mailing list that the intention is to move to libtls and create a shim to OpenSSL. https://www.mail-archive.com/misc@opensmtpd.org/msg04420.html https://www.mail-archive.com/misc@opensmtpd.org/msg04432.html
Thanks for the answers. I finally figured out how to compile from ports with libressl with:

/etc/make.conf
DEFAULT_VERSIONS+=ssl=libressl
ftp_curl_UNSET= TLS_SRP
(In reply to Sacha from comment #16) Yep. Shot into the leg and broke any future build for ssl-related ports on this host. Our SSL framework is totally broken and leads to dll hell. As I mentioned in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213442, please be patient, 6.6 release is almost there and it will be compatible with openssl 1.1.x
(In reply to Dima Panov from comment #17) absolutely Dima, thanks for the info !
opensmtpd 6.6.0 was just released, and supports OpenSSL 1.1 https://opensmtpd.org/announces/release-6.6.0.txt
A commit references this bug:

Author: fluffy
Date: Sat Oct 26 16:24:54 UTC 2019
New revision: 515714
URL: https://svnweb.freebsd.org/changeset/ports/515714

Log:
- Update OpenSMTPd to 6.6.0 portable release
  This release builds with LibreSSL > 3.0.2 or OpenSSL > 1.1.0.
  FreeBSD 11.x users should update to 12.x/13.x or switch system-wide default ssl library to openssl111/libressl
- Update -extras to 6.4.0 release
  Filters still missing, corresponding ports temporarily marked as IGNORED

PR: 213442,228937
MFH: 2019Q4