Created attachment 179658
Fix building problem. Does it run correctly?

Hello,

OpenVPN doesn't build with LibreSSL 2.5.1, getting this error:

"ssl_openssl.c:512:30: error: no member named 'cert' in 'struct ssl_ctx_st'
    ssl.cert = ctx->ctx->cert;
    ~~~~~~~~ ^
1 error generated.
*** Error code 1"

I've attached a patch, inspired by curl's source code:
https://github.com/curl/curl/blob/master/lib/vtls/openssl.c#L603-L619

Unfortunately, I don't have a usable running OpenVPN server, can someone please test if everything works properly?

Best Regards.
Talking about LibreSSL, not related to the build problem: a few lines above my modification, at line 488 of file src/openvpn/ssl_openssl.c, there is this test:

    #if OPENSSL_VERSION_NUMBER >= 0x10002000L

Shouldn't it be completed by:

    || defined(LIBRESSL_VERSION_NUMBER)

?

SSL_CTX_set_ecdh_auto seems to be present in LibreSSL 2.2.2, which also defines LIBRESSL_VERSION_NUMBER for the first time.
(In reply to OlivierW from comment #1)

My mistake, LIBRESSL_VERSION_NUMBER and SSL_CTX_set_ecdh_auto() are also in earlier versions of LibreSSL...

SSL_CTX_set_ecdh_auto() appears in LibreSSL 2.1.0, but versions are all equal to "0x20000000L" in 2.1.0, 2.2.1 and earlier versions like 2.0.6.

Maybe we should target LibreSSL 2.2.2 which has "0x20020002L". If so, the test mentioned in comment #1 should be changed to:

    #if OPENSSL_VERSION_NUMBER >= 0x10002000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x20020002L )
If it hurts, don't do it, and build against OpenSSL or mbedTLS. I will not currently accept local patches for OpenVPN that affect crypto code. Any such patches need to be directed upstream for review and scrutiny. The upstream maintainers are normally open to such contributions, but I lack personal interest in spending my time on a product that claims OpenSSL compatibility and breaks everywhere and everything.
Ok I understand, I'll send it upstream.
Best channels are https://community.openvpn.net/openvpn and the openvpn-devel mailing list for discussion and questions.
Thanks mandree@!

Sadly I read your comment too late and didn't follow the right way to contribute to OpenVPN :-( I'll fix that problem tonight or in the next few days.

Since my first post here, I've been able to set up and run OpenVPN. I just don't know how to test that the code works.

If you or anyone is interested in following the correction of this build error, here's the GitHub pull request:
https://github.com/OpenVPN/openvpn/pull/82
Hello,

For people interested in the follow-up of the patch, it has been upstreamed:
https://github.com/OpenVPN/openvpn/commit/dcfd3b6173d8cdb4658de23db1dd0bd932b390d2

:-)

Best Regards,
Olivier