On the upcoming FreeBSD 14.0-RELEASE, running `tctls` now gives out an error. Steps to reproduce: 1. Install the package pkg install tcltls tcl86` 2. Run the following: $ tclsh8.6 % package require tls Expected result: Package is loaded Actual result: Error with the following message couldn't load file "/usr/local/lib/tls1.7.18/tcltls.so": /usr/local/lib/tls1.7.18/tcltls.so: Undefined symbol "get_dhParams" This happens on a newly installed FreeBSD 14.0-RELEASE, with both pkg and port.
Have you updated all your packages to the most recent version?
(In reply to Robert Clausecker from comment #1) The package should be the most recent versions. I've also tried to build tcl86 and tcltls from ports, but I'm seeing the same result. Just to make sure, I ran: $ doas pkg-static update $ doas pkg-static upgrade -f And imported tcltls again, but the issue persists. I've done some more debugging, and it looks like the background of the issue is that: 1. tcltls generates a dh_param.h using gen_dh_params script during build 2. gen_dh_params script depends on the "openssl dhparam -C" for this purpose 3. the "openssl dhparam -C" was removed in openssl 3.0[1] 4. FreeBSD tcltls patched gen_dh_params to disable other fallback generation method 5. since 14.0-RELEASE shipped with OpenSSL 3.0, this has caused gen_dh_params script to silently fail 6. sadly, the compilation went through[2], and tcltls imploded on runtime as a result [1]: https://github.com/openssl/openssl/pull/13384 [2]: and due to this, it was never flagged in bug #258413
Thank you, gentlemen, for the report -- and the analysis. The silent failure is the worst part about it :( I'll try to fix it soonest -- and commit the fix with the upgrade to 1.7.22.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2ed62c75d1230bbe8268a1a3c54de2972d50dcf8 commit 2ed62c75d1230bbe8268a1a3c54de2972d50dcf8 Author: Mikhail Teterin <mi@FreeBSD.org> AuthorDate: 2023-11-20 03:38:38 +0000 Commit: Mikhail Teterin <mi@FreeBSD.org> CommitDate: 2023-11-20 03:40:58 +0000 devel/tcltls: adapt to OpenSSL-3.0, upgrade, fix tests. PR: 275160 devel/tcltls/Makefile | 11 ++++++- devel/tcltls/distinfo | 6 ++-- devel/tcltls/files/dh_params.h (new) | 28 ++++++++++++++++ devel/tcltls/files/patch-gen_dh_params (gone) | 27 --------------- .../files/patch-ssl_ignore_unexpected_eof (new) | 14 ++++++++ devel/tcltls/files/patch-tests (new) | 38 ++++++++++++++++++++++ devel/tcltls/files/patch-warnings (new) | 30 +++++++++++++++++ 7 files changed, 123 insertions(+), 31 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=d2545249739ae3fd9f99f400004058872e0bee94 commit d2545249739ae3fd9f99f400004058872e0bee94 Author: Mikhail Teterin <mi@FreeBSD.org> AuthorDate: 2023-11-20 04:10:55 +0000 Commit: Mikhail Teterin <mi@FreeBSD.org> CommitDate: 2023-11-20 04:10:55 +0000 devel/tcltls: fixes to the newly-added generation of DH-parameters Specifically: - move the entire code to the post-configure target -- so that our own header will be newer than the Makefile generated by configure. Otherwise the authors' Makefile will (attempt to) regenerate the dh_param.h again. - use openssl's asnparse functionality to more reliably parse the generated prime -- and turn it into C. PR: 275160 devel/tcltls/Makefile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-)
Please, test the new version of the port -- as promised, it contains an upgrade to 1.7.22 as well as a new means of generating the default DH parameters (without relying on the "-C" flag).
Please, reopen if this -- or a related -- problem still exists.
Sorry for late feedback (I did not have a chance to test it during the week). I can confirm that 1.7.22 resolved my issue. Thank you!