Bug 228898 - net-mgmt/net-snmp: Fails to link with OpenSSL 1.1
Summary: net-mgmt/net-snmp: Fails to link with OpenSSL 1.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ryan Steinmetz
: 232763 236202 238097 (view as bug list)
Depends on:
Blocks: 228865 231931
  Show dependency treegraph
Reported: 2018-06-11 19:25 UTC by Bernard Spil
Modified: 2019-08-15 08:43 UTC (History)
21 users (show)

See Also:
bugzilla: maintainer-feedback? (zi)

svm-diff-net-snmp-openssl (42.69 KB, patch)
2018-10-11 17:35 UTC, Walter Schwarzenfeld
no flags Details | Diff
svm-diff-net-snmp-openssl_v2 (5.85 KB, patch)
2018-10-12 02:05 UTC, Walter Schwarzenfeld
no flags Details | Diff
svm-diff-net-snmp-openssl_v3 (6.04 KB, patch)
2018-10-12 02:07 UTC, Walter Schwarzenfeld
no flags Details | Diff
additional-patch (2.09 KB, patch)
2018-10-27 14:09 UTC, Walter Schwarzenfeld
no flags Details | Diff
diff-Makefile (572 bytes, patch)
2018-10-31 16:40 UTC, Walter Schwarzenfeld
no flags Details | Diff
Unbreak with openssl111, rebased from comment #29 (1.38 KB, patch)
2019-04-19 04:32 UTC, Dima Panov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2018-06-11 19:25:33 UTC
undefined reference to `EVP_MD_CTX_free'

During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented.

Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released.

Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/net-snmp-5.7.3_18.log
Comment 2 Nathan 2018-10-07 07:30:14 UTC
I'll work on this one
Comment 3 Nathan 2018-10-07 15:33:54 UTC
(In reply to Nathan from comment #2)
Edit: I had no luck with this one, so feel free to work on this one
Comment 4 Walter Schwarzenfeld freebsd_triage 2018-10-11 17:35:36 UTC
Created attachment 198040 [details]
Comment 5 Walter Schwarzenfeld freebsd_triage 2018-10-11 17:36:22 UTC
I found this at

Looks useful, but I cannot test, with openssl.
(compiles fine with libressl).
Comment 6 Walter Schwarzenfeld freebsd_triage 2018-10-11 19:01:08 UTC
Comment on attachment 198040 [details]

Someone on IRC tested the patch, does not work.
Comment 7 Walter Schwarzenfeld freebsd_triage 2018-10-12 02:05:36 UTC
Created attachment 198050 [details]

This should work with libressl and openssl111.
It is a modified debian-patch (unfortunately I forgot to save the link).
Comment 8 Walter Schwarzenfeld freebsd_triage 2018-10-12 02:07:50 UTC
Created attachment 198051 [details]

Forgot Portrevison.
Comment 9 Walter Schwarzenfeld freebsd_triage 2018-10-12 02:16:59 UTC
Maybe, the obsoleted patch also works, the point was:


but I have not tested again yet (was a long night....).
Comment 10 Vitalij Satanivskij 2018-10-14 22:56:12 UTC
Just notice:
With svm-diff-net-snmp-openssl_v3 patch I'm sucessfuly build net-snmp and it'
s working fine on FreeBSD 12.0-ALPHA9 #0 r339354
But with option TLS DISABLED (just no need for me)
Comment 11 Charlie Li freebsd_committer 2018-10-16 06:05:07 UTC
Setting CONFIGURE_ARGS+=--with-openssl="${OPENSSLBASE}" alone fixes the build with ssl=libressl-devel and TLS enabled. However, OpenSSL 1.1.1 (which is in base now) still fails during configure, primarily because SSL_library_init(3) is deprecated since OpenSSL 1.1.0 in favour of OPENSSL_init_ssl(3); the latter function is also available in LibreSSL.
Comment 12 Walter Schwarzenfeld freebsd_triage 2018-10-16 11:15:30 UTC
It could not be more as a workaround. There is a newer verion  (5.8 - see bug #232025).  And there another 12 Bugs open for net-snmp.
Comment 13 O. Hartmann 2018-10-17 08:05:33 UTC
Breakage of this port affects important other ports, like hplip, cups, qt4-network, icinga2 and so on  and ports depending on them. Is there a timeframe when to expect a relieve?

The proposed patch fixes the openssl-1.1.1 issue as long as option TLS is not selected.
Comment 14 Mathieu Arnold freebsd_committer 2018-10-27 10:46:29 UTC
Is this going somewhere ?
Comment 15 Matthias Fechner freebsd_committer 2018-10-27 11:21:25 UTC
I can confirm that this patch with openssl 1.1.1 from ports and disabled TLS in net-snmp works.
Comment 16 Walter Schwarzenfeld freebsd_triage 2018-10-27 14:09:57 UTC
Created attachment 198690 [details]

I have a additional patch silents some error during build with TLS=on, but I got still a linker-error:

/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `SSL_set
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL_sk_value'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `OPENSSL_init_crypto'
/wrkdirs/usr/ports/net-mgmt/net-snmp/work/net-snmp-5.7.3/snmplib/.libs/libnetsnmp.so: undefined reference to `EVP_MD_CTX_free'

and I have no idea. Maybe someone other find something
Comment 17 Mathieu Arnold freebsd_committer 2018-10-27 16:17:13 UTC
Does this fix on 12 with OpenSSL from the base system?
Comment 18 Walter Schwarzenfeld freebsd_triage 2018-10-27 16:49:41 UTC
See comment7 and I think O.Hartmann has also 12. But TLS=on still not work.
Comment 19 Walter Schwarzenfeld freebsd_triage 2018-10-27 16:53:02 UTC
sorry not comment7 I meant comment10.
Comment 20 Walter Schwarzenfeld freebsd_triage 2018-10-28 15:01:50 UTC
*** Bug 232763 has been marked as a duplicate of this bug. ***
Comment 21 Mathieu Arnold freebsd_committer 2018-10-30 22:15:58 UTC
So, what does the maintainer has to say about this?  The maintainer timeout window has passed 4 days ago, it can be committed.
Comment 22 Mathieu Arnold freebsd_committer 2018-10-31 11:33:01 UTC
building, I'll commit after testing it works.
Comment 23 commit-hook freebsd_committer 2018-10-31 14:36:02 UTC
A commit references this bug:

Author: mat
Date: Wed Oct 31 14:35:16 UTC 2018
New revision: 483586
URL: https://svnweb.freebsd.org/changeset/ports/483586

  Fix build with OpenSSL 1.1.1 in base.

  PR:		228898
  Submitted by:	w.schwarzenfeld@utanet.at
  Reported by:	brnrd
  Approved by:	maintainer

Comment 24 commit-hook freebsd_committer 2018-10-31 14:39:09 UTC
A commit references this bug:

Author: mat
Date: Wed Oct 31 14:38:32 UTC 2018
New revision: 483587
URL: https://svnweb.freebsd.org/changeset/ports/483587

  MFH: r483586

  Fix build with OpenSSL 1.1.1 in base.

  PR:		228898
  Submitted by:	w.schwarzenfeld@utanet.at
  Reported by:	brnrd
  Approved by:	maintainer

_U  branches/2018Q4/
Comment 25 Walter Schwarzenfeld freebsd_triage 2018-10-31 15:35:03 UTC
Thank you!
But you have forgot to mark the TLS option BROKEN (for the moment) only for OPENSSL user.
It works with LIBRESSL.
Comment 26 Walter Schwarzenfeld freebsd_triage 2018-10-31 16:40:06 UTC
Created attachment 198805 [details]

Comment 27 Mike Andrews 2018-11-01 04:54:30 UTC
The most recently committed patch also doesn't cover the case of FreeBSD 11.2 and DEFAULT_VERSIONS= ssl=openssl111 -- this is the one port keeping me from switching over to OpenSSL 1.1.1 (and thus enabling TLS 1.3 on our website) on FreeBSD 11.2.

Would net-snmp 5.8 make any of this easier?  Bug 232025 covers that one.
Comment 28 Mathieu Arnold freebsd_committer 2018-11-01 16:36:46 UTC
I did not bump PORTREVISION because the port was not building before.
Comment 29 dewayne 2019-02-15 14:30:48 UTC
(In reply to Mike Andrews from comment #27)
Yes it was an impediment to me (11.2Stable, using security/openssl111), and I'm sure many others.  I've spent 4+ hours on this, lots of different issues, but this patch is correct (its after 1am so I wont try to attribute, but thank-you)
however the configure strip tests for SSL_library_init and fails. There's the clue, so I made these changes to the net-snmp/Makefile, via svnlite diff: 

-BROKEN_SSL=    openssl111
+#BROKEN_SSL=   openssl111

-.if ${OSVERSION} >= 1200085
+#.if ${OSVERSION} >= 1200085  # perhap >1100000 ?
 EXTRA_PATCHES= ${PATCHDIR}/extra-patch-openssl11


@@ -251,6 +252,7 @@
        @${REINPLACE_CMD} -e 's!utmp_p->ut_name!utmp_p->ut_user!' \
        @${REINPLACE_CMD} -E -e 's|return pci_lookup_name|disabled broken|g' \
+               -e 's|SSL_library_init|OPENSSL_init_ssl|g' \
        @${CP} ${WRKSRC}/include/net-snmp/system/freebsd12.h \

Compiles cleanly on i386 and amd64.
Comment 30 TAO ZHOU 2019-02-20 23:50:47 UTC
That worked for me.
Comment 31 Walter Schwarzenfeld freebsd_triage 2019-03-04 12:00:07 UTC
*** Bug 236202 has been marked as a duplicate of this bug. ***
Comment 32 Dima Panov freebsd_committer 2019-04-19 04:32:22 UTC
Created attachment 203784 [details]
Unbreak with openssl111, rebased from comment #29

(In reply to dewayne from comment #29)

Use OPENSSLBASE instead of hardcode path, add more conditions to check for extra patch
Comment 33 John Baldwin freebsd_committer freebsd_triage 2019-07-03 20:35:41 UTC
Any reason to not commit the last patch from Dima so this can be closed?
Comment 34 Dima Panov freebsd_committer 2019-07-06 12:45:44 UTC
(In reply to John Baldwin from comment #33)

Looks like noone interested in fixed TLS support :(

Will commit it tomorrow with maintainer timeout (>2 months silence since submission)
Comment 35 commit-hook freebsd_committer 2019-07-07 15:17:44 UTC
A commit references this bug:

Author: fluffy
Date: Sun Jul  7 15:17:18 UTC 2019
New revision: 506141
URL: https://svnweb.freebsd.org/changeset/ports/506141

  - Real unbreak with openssl111 from ports
  - Use ${OPENSSLBASE} instead of hardcode path
  - Add more conditions to check for extra patch
  - TLS option is fine now

  PR:		228898
  Submitted by:	myself (this patch)
  Approved by:	maintainer timeout (>2 months after submission)
  MFH:		2019Q3

Comment 36 Walter Schwarzenfeld freebsd_triage 2019-08-15 08:43:01 UTC
*** Bug 238097 has been marked as a duplicate of this bug. ***