Bug 226956 - net/haproxy: Fix build with OpenSSL 1.1 & LibreSSL 2.7
Summary: net/haproxy: Fix build with OpenSSL 1.1 & LibreSSL 2.7
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Walter Schwarzenfeld
URL:
Keywords: needs-qa, patch
Depends on:
Blocks: 226843 228865
  Show dependency treegraph
 
Reported: 2018-03-26 19:29 UTC by Bernard Spil
Modified: 2019-08-08 17:07 UTC (History)
5 users (show)

See Also:
bugzilla: maintainer-feedback? (demon)


Attachments
svn diff for net/haproxy (3.95 KB, patch)
2018-03-26 19:29 UTC, Bernard Spil
no flags Details | Diff
HAProxy fails to build with latest ports libressl 2.7.2 (939.45 KB, text/plain)
2018-05-01 13:15 UTC, Mike Walker
no flags Details
Adjusted for changes to openssl-compat.h in haproxy 1.7.11 libressl 2.7.4 (1.87 KB, patch)
2018-07-31 19:27 UTC, dewayne
no flags Details | Diff
For completeness sock.c in haproxy 1.7.11 libressl 2.7.4 (464 bytes, patch)
2018-07-31 19:29 UTC, dewayne
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2018-03-26 19:29:13 UTC
Created attachment 191847 [details]
svn diff for net/haproxy

```
net/haproxy: Fix build with OpenSSL 1.1

 - Allow building without NPN which was super-
   seeded by ALPN (security/openssl-devel)
 - Allow building with LibreSSL 2.7 (implements
   OpenSSL 1.1 API)

PR: 
Approved by: (maintainer)
```
Comment 1 Dmitry Sivachenko freebsd_committer 2018-03-26 20:13:29 UTC
Didn't you already submit "building without NPN" in ports/225893?

Speaking of LibreSSL support, can you please participate in http://www.serverphorums.com/read.php?10,1506745 thread to finish polishing this efford and finally include it upstream?
Comment 2 Mike Walker 2018-05-01 13:15:55 UTC
Created attachment 192967 [details]
HAProxy fails to build with latest ports libressl 2.7.2

Both recent HAProxy versions from ports r1.7.10 and 1.7.11 fail to build against the latest ports version of libressl, 2.7.2
Comment 3 Dmitry Sivachenko freebsd_committer 2018-05-03 09:25:47 UTC
Please join discussion at haproxy ML: http://www.serverphorums.com/read.php?10,1529423

There is a patch available there which almost satisfies authors, so there is a little bit more effort needed to integrate it upstream.
Comment 4 Bernard Spil freebsd_committer 2018-06-11 19:07:31 UTC
During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented.

Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released.
Comment 5 dewayne 2018-07-31 19:27:05 UTC
Created attachment 195694 [details]
Adjusted for changes to openssl-compat.h in haproxy 1.7.11 libressl 2.7.4

I've updated Bernard's patch for haproxy 1.7.11 libressl 2.7.4 with two files, only change was placement of the modified lines in openssl-compat.h, while sock.c is unchanged but included for completeness.

Thank-you Bernard.
Comment 6 dewayne 2018-07-31 19:29:30 UTC
Created attachment 195695 [details]
For completeness sock.c in haproxy 1.7.11 libressl 2.7.4
Comment 7 commit-hook freebsd_committer 2018-12-13 06:12:04 UTC
A commit references this bug:

Author: tobik
Date: Thu Dec 13 06:11:25 UTC 2018
New revision: 487345
URL: https://svnweb.freebsd.org/changeset/ports/487345

Log:
  net/haproxy builds fine with OpenSSL 1.1.1

  http://beefy11.nyi.freebsd.org/data/head-i386-default/p485718_s340864/logs/haproxy-1.8.14.log

  PR:		226956

Changes:
  head/net/haproxy/Makefile
Comment 8 Tobias Kortkamp freebsd_committer 2018-12-13 06:14:48 UTC
Still doesn't build with LibreSSL though:

src/ssl_sock.c:60:10: fatal error: 'openssl/async.h' file not found
#include <openssl/async.h>
         ^~~~~~~~~~~~~~~~~
1 error generated.
Comment 9 Walter Schwarzenfeld freebsd_triage 2019-08-08 17:07:20 UTC
haproxy is 2.0.4, libressl-devel 3.0.0 and libressl 2.9.2.

Builds fine with libressl.

The error of comment8 ist correct fixed with:

#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) && !defined(LIBRESSL_VERSION_NUMBER)
#include <openssl/async.h>
#endif

I close here, with overcome by events. Should there still problems, please, re-open.