Bug 208626 - devel/tcltls: Undefined symbol "SSLv2_method" using libressl (SSLv2 is no longer supported)
Summary: devel/tcltls: Undefined symbol "SSLv2_method" using libressl (SSLv2 is no lon...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
Depends on:
Reported: 2016-04-08 01:28 UTC by Mark.Martinec
Modified: 2016-04-08 04:46 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (mi)

Make it build with libressl (755 bytes, patch)
2016-04-08 04:24 UTC, Mikhail Teterin
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Mark.Martinec 2016-04-08 01:28:32 UTC
Trying to use devel/tcltls (version 1.6.7) with libressl, which no longer
supports SSLv2:

  OPENSSL_PORT= security/libressl

Port compilation issues a couple of telltale warnings, but manages
to build the Tcl tls package nevertheless:

  tls.c:561:21: warning: implicit declaration of function 'SSLv2_method'
  is invalid in C99 [-Wimplicit-function-declaration]
                ctx = SSL_CTX_new(SSLv2_method()); break;
  tls.c:561:21: warning: incompatible integer to pointer conversion passing
  'int' to parameter of type 'const SSL_METHOD *' (aka 'const struct
   ssl_method_st *') [-Wint-conversion]
                ctx = SSL_CTX_new(SSLv2_method()); break;
  /usr/local/include/openssl/ssl.h:1523:40: note: passing argument
  to parameter 'meth' here SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
  tls.c:1118:9: warning: incompatible integer to pointer conversion assigning
  to 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') from 'int'
        method = SSLv2_method ();
               ^ ~~~~~~~~~~~~~~~
  3 warnings generated.

The resulting Tcl package is unfortunately unusable:

  $ tclsh8.6
  % package require tls
  couldn't load file "/usr/local/lib/tls1.6.7/libtls.so.1":
    /usr/local/lib/tls1.6.7/libtls.so.1: Undefined symbol "SSLv2_method"

Would be nice to autodetect availability of SSLv2 and SSLv3, or better yet,
disable both.
Comment 1 Mikhail Teterin freebsd_committer 2016-04-08 04:24:18 UTC
Created attachment 169097 [details]
Make it build with libressl

With this patch tcltls compiles, but one of the tests (run `make check') fails.

Could I ask you to investigate, why? Thanks!
Comment 2 commit-hook freebsd_committer 2016-04-08 04:44:53 UTC
A commit references this bug:

Author: mi
Date: Fri Apr  8 04:44:49 UTC 2016
New revision: 412718
URL: https://svnweb.freebsd.org/changeset/ports/412718

  Detect, when building against libressl and add -DNO_SSL2 to CFLAGS
  in such situations. While here fix WWW and make other minor changes.

  PR:		208626
  Submitted by:	Mark Martinec

Comment 3 Mikhail Teterin freebsd_committer 2016-04-08 04:46:30 UTC
Fixed, thanks.

The test-failure appears random, actually -- even against base OpenSSL. I filed a ticket upstream about it.