Bug 208626

Summary: devel/tcltls: Undefined symbol "SSLv2_method" using libressl (SSLv2 is no longer supported)
Product: Ports & Packages Reporter: Mark.Martinec
Component: Individual Port(s)Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Some People CC: mi, mi
Priority: --- Flags: bugzilla: maintainer-feedback? (mi)
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Make it build with libressl none

Description Mark.Martinec 2016-04-08 01:28:32 UTC
Trying to use devel/tcltls (version 1.6.7) with libressl, which no longer
supports SSLv2:

/etc/make.conf:
  WITH_OPENSSL_PORT= yes
  OPENSSL_PORT= security/libressl

Port compilation issues a couple of telltale warnings, but manages
to build the Tcl tls package nevertheless:

  tls.c:561:21: warning: implicit declaration of function 'SSLv2_method'
  is invalid in C99 [-Wimplicit-function-declaration]
                ctx = SSL_CTX_new(SSLv2_method()); break;
                                  ^
  tls.c:561:21: warning: incompatible integer to pointer conversion passing
  'int' to parameter of type 'const SSL_METHOD *' (aka 'const struct
   ssl_method_st *') [-Wint-conversion]
                ctx = SSL_CTX_new(SSLv2_method()); break;
                                  ^~~~~~~~~~~~~~
  /usr/local/include/openssl/ssl.h:1523:40: note: passing argument
  to parameter 'meth' here SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
                                       ^
  tls.c:1118:9: warning: incompatible integer to pointer conversion assigning
  to 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') from 'int'
  [-Wint-conversion]
        method = SSLv2_method ();
               ^ ~~~~~~~~~~~~~~~
  3 warnings generated.


The resulting Tcl package is unfortunately unusable:

  $ tclsh8.6
  % package require tls
  couldn't load file "/usr/local/lib/tls1.6.7/libtls.so.1":
    /usr/local/lib/tls1.6.7/libtls.so.1: Undefined symbol "SSLv2_method"


Would be nice to autodetect availability of SSLv2 and SSLv3, or better yet,
disable both.
Comment 1 Mikhail Teterin freebsd_committer 2016-04-08 04:24:18 UTC
Created attachment 169097 [details]
Make it build with libressl

With this patch tcltls compiles, but one of the tests (run `make check') fails.

Could I ask you to investigate, why? Thanks!
Comment 2 commit-hook freebsd_committer 2016-04-08 04:44:53 UTC
A commit references this bug:

Author: mi
Date: Fri Apr  8 04:44:49 UTC 2016
New revision: 412718
URL: https://svnweb.freebsd.org/changeset/ports/412718

Log:
  Detect, when building against libressl and add -DNO_SSL2 to CFLAGS
  in such situations. While here fix WWW and make other minor changes.

  PR:		208626
  Submitted by:	Mark Martinec

Changes:
  head/devel/tcltls/Makefile
  head/devel/tcltls/pkg-descr
Comment 3 Mikhail Teterin freebsd_committer 2016-04-08 04:46:30 UTC
Fixed, thanks.

The test-failure appears random, actually -- even against base OpenSSL. I filed a ticket upstream about it.