On FreeBSD b2.hs 11.1-PRERELEASE FreeBSD 11.1-PRERELEASE #0 r318992M: Sun May 28 06:32:28 AEST 2017 make package returns ^ src/main/tls.c:3169:12: error: no member named 'psk_identity' in 'struct fr_tls_server_conf_t' if (conf->psk_identity) { ~~~~ ^ 4 warnings and 1 error generated. gmake[1]: *** [scripts/boiler.mk:635: build/objs/src/main/tls.lo] Error 1
@Dewayne, Did this port build using libressl in a previous versions (ie: is this a regression), or using a different version of libressl, and if so, please detail the last version combination(s) that built successfully.
(In reply to Kubilay Kocak from comment #1) I doubt that this is going to help, I need to spend more time on it. Interim update. Freeradius3 3.0.13 successfully builds with libressl 2.5.4 on FreeBSD11.1Beta3 amd64. We only use certs, no psk's. Both FreeRadius3 and libressl have been upgraded 3.0.14 and 2.5.4. The error src/main/tls.c:3169:10: error: 'fr_tls_server_conf_t {aka struct fr_tls_server_conf_t}' has no member named 'psk_identity' if (conf->psk_identity) { seems to arise because PSK_MAX_IDENTITY_LEN is defined in openssl's /usr/local/include/openssl/ssl.h but not in libressl's instance. (Aside libressl is used on amd64, while the i386's use openssl (for padlock)) openssl's ssl.h is -rw-r--r-- 1 root wheel 149267 Jul 1 18:45 /usr/local/include/openssl/ssl.h while libressl has -rw-r--r-- 1 root wheel 84869 Jul 1 15:33 /usr/local/include/openssl/ssl.h obviously a significant difference. But if that mattered, why would 3.0.13 build on libressl but 3.0.14 doesn't :( So I compared the tls.c's "include" files for a clue (compared 3.0.13 with those in 3.0.14) # sh -c 'for i in process.h rad_assert.h radiusd.h; do diff freeradius-server-3.0.13/src/include/$i /var/ports/usr/ports/net/freeradius3/work/freeradius-server-3.0.14/src/include/$i; done' # No differences. diff'ing tls.c revealed a lot of changes. Apart from < #if OPENSSL_VERSION_NUMBER >= 0x10100000L --- > #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) There wasn't anything obviously related. FYI: Config for all tests options: b2# make -C /usr/ports/net/freeradius3 -DUSE_K8 showconfig|grep =on DOCS=on: Build and/or install documentation HEIMDAL=on: With Heimdal Kerberos support HEIMDAL_PORT=on: With Heimdal Kerberos from ports KERBEROS=on: Kerberos support LDAP=on: LDAP protocol support PERL=on: Perl scripting language support USER=on: Run as user freeradius, group freeradius b2# And significant flags on amd64: # make -C /usr/ports/net/freeradius3 -DUSE_K8 -DUSE_GCC5 showconfig -VCFLAGS -Vspacer -VLDFLAGS -O2 -pipe -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -g0 -ggdb0 -DSTRIP_FBSDID -UDEBUGGING -UEBUGGING -UDEBUG -march=core-avx-i -mtune=core-avx-i -I/usr/local/include -fstack-protector -Wl,-rpath=/usr/local/lib/gcc5 -DLDAP_DEPRECATED -fno-strict-aliasing -L/usr/local/lib -L/usr/local/lib/heimdal -Wl,-rpath,/usr/local/lib -fstack-protector -Wl,-rpath=/usr/local/lib/gcc5 -L/usr/local/lib/gcc5 In trying to get this to build, I used gcc5 whereas we normally build with clang. The behaviour is the same regardless of compiler. Please note that I have some local changes to my libressl. If anyone can build freeradius3 3.0.14 with libressl 2.5.4 on 11.1beta3 or later then I may have the problem, as the other 1170 ports build fine. Unfortunately on this build cycle, I've run out of time and reverted freeradius3, back to 3.0.13 :/
Created attachment 184116 [details] patch against head This is a fix via HardenedBSD originally written by OpenBSD.
Friendly ping to get this merged :)
Bernard (CC'd) is probably best places to address this. Also still not sure whether this is/was a regression, though the summary implies it, and if so on what port change(s) (freeradius or libressl) the regression was introduced. Can someone comment/confirm. @Franco The HardenedBSD commit mentions FreeBSD fiddling with a patch and removing another. Can you provide references to the commits/issues that made those changes so we can CC/assign the committer if necessary. Attachment 184116 [details] also needs QA confirmation
FreeRADIUS 3.0.14 added a features which broke LibreSSL compatibility (PSK). The commit hstory in FreeBSD: https://svnweb.freebsd.org/ports?view=revision&revision=442287 Original update (zi) https://svnweb.freebsd.org/ports?view=revision&revision=443120 Incomplete/faulty LibreSSL fix (brnrd) https://svnweb.freebsd.org/ports?view=revision&revision=443386 Resolve of broken port by removing LibreSSL compat patch completely (zi) At the very least, zi should have been assigned last month, it probably failed because the subject missed a colon after the port origin? Cheers, Franco
Thank you for clarifying and providing references Franco.
Please make sure you are reaching out to the FreeRADIUS developers for this issue.
This is already on the v3.0.x branch: https://github.com/FreeRADIUS/freeradius-server/commit/2093dc4a46d1bfbd3ef3a78cea1b8ded916441de
Port updated to 3.0.15, which should include the required commits from upstream. Please confirm this has been resolved.
3.0.15 looks good on LibreSSL 2.4.5 now. Cheers, Franco
Assign to maintainer and committer that resolved (the same)