Bug 228937 - mail/opensmtpd: Fails to build with OpenSSL 1.1
Summary: mail/opensmtpd: Fails to build with OpenSSL 1.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dima Panov
Depends on: 213442
Blocks: 228865 231931
  Show dependency treegraph
Reported: 2018-06-12 14:21 UTC by Bernard Spil
Modified: 2019-10-26 16:48 UTC (History)
8 users (show)

See Also:
bugzilla: maintainer-feedback? (fluffy)


Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2018-06-12 14:21:59 UTC
> checking LibreSSL header version... 1010008f (OpenSSL 1.1.0h  27 Mar 2018)
> checking LibreSSL library version... 1010008f (OpenSSL 1.1.0h  27 Mar 2018)
>  checking whether LibreSSL's headers match the library... no
> configure: error: Your LibreSSL headers do not match your library. Check config.log for details.

During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented.

Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released.

Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/opensmtpd-5.9.2p1_6,1.log
Comment 1 Dima Panov freebsd_committer 2018-07-11 05:02:26 UTC
OpenSSL 1.1 still officially unsupported by OpenSMTPd author yet. But promised to be done in next major release :(
Comment 2 Bernard Spil freebsd_committer 2018-07-12 12:07:21 UTC
We better mark it broken then until it's fixed.
Comment 4 Charlie Li freebsd_committer 2018-11-09 15:19:46 UTC
Unfortunately, after marking this BROKEN in ports r484257, this refuses to build even for those of us using ssl=libressl{,-devel}. Not sure if there's a good way to except these cases, however.
Comment 5 Kamigishi Rei 2018-12-12 10:03:49 UTC
According to https://github.com/OpenSMTPD/OpenSMTPD/issues/738#issuecomment-435335496 OpenSSL 1.1.x will not be officially supported.
Comment 6 Henrik Hudson 2018-12-18 00:19:27 UTC
Would it not be possible to do like OpenNTPD does and just statically link against libressl? I'm no expert, but just wondering.

from openntpd Makefile:

# Requires libtls from LibreSSL
.if ${SSL_DEFAULT:Mlibressl*}
CPPFLAGS+=              -I${OPENSSLINC}
LDFLAGS+=               -L${OPENSSLLIB}
BUILD_DEPENDS+=         ${NONEXISTENT}:security/libressl:stage
CPPFLAGS+=              -I${WRKDIR}/libressl/include
LDFLAGS+=               -L${WRKDIR}/libressl/lib
Comment 7 Dima Panov freebsd_committer 2018-12-18 10:18:54 UTC
(In reply to Henrik Hudson from comment #6)

This trick will not work because of libevent which is linked with base openssl by default
Comment 8 Pietro Cerutti freebsd_committer 2018-12-20 10:14:06 UTC
Can we please at least unbreak for those who use libressl as a default?

This works for me (tm):

Index: Makefile
--- Makefile    (revision 487802)
+++ Makefile    (working copy)
@@ -60,7 +60,9 @@

 .include <bsd.port.pre.mk>

-.if ${OPSYS} == FreeBSD && ${OSVERSION} > 1200084
+.if ${OPSYS} == FreeBSD && \
+    ((${OSVERSION} > 1200084 && ${SSL_DEFAULT} == "base") || \
+    (${SSL_DEFAULT} == "openssl111"))
 BROKEN=                Incompatible with Openssl 1.1.x yet
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-29 08:13:29 UTC
(In reply to Pietro Cerutti from comment #8)

Please attach your proposed change as an attachment with maintainer-approval ? >maintainer-email>

That way maintainer timeouts can apply
Comment 11 Pietro Cerutti freebsd_committer 2019-06-30 07:10:34 UTC
Apologies - I forgot to track this properly (or was I on vacation?). My patch was committed by fluffy@ as rr488057 on 12/22/18.
Comment 12 Pietro Cerutti freebsd_committer 2019-06-30 07:12:19 UTC
Well, actually this remains open. My patch fixes the build with LibreSSL. OpenSSL 1.1 is still broken.
Comment 13 Sacha 2019-10-14 07:58:03 UTC

is any plan to resolve the issue soon ?

Comment 14 Kamigishi Rei 2019-10-15 11:18:56 UTC
(In reply to Sacha from comment #13)
As mentioned above, OpenSMTPd developers only target LibreSSL and are not interested in maintaining compatibility with OpenSSL 1.1 and above and I doubt anyone here has the time and will to maintain compatibility with OpenSSL by creating patches for that purpose.

You *have* to use LibreSSL if you want OpenSMTPd.
Comment 15 wcarson.bugzilla 2019-10-15 14:26:43 UTC
(In reply to Kamigishi Rei from comment #14)

It was discussed relatively recently on the OpenSMTPd mailing list that the intention is to move to libtls and create a shim to OpenSSL.

Comment 16 Sacha 2019-10-15 14:51:46 UTC
Thanks for answers.

I finaly figured to compile from ports with libressl with:

ftp_curl_UNSET=   TLS_SRP
Comment 17 Dima Panov freebsd_committer 2019-10-15 15:11:02 UTC
(In reply to Sacha from comment #16)
Yep. Shot into the leg and broke any future build for ssl-related ports on this host.
Our SSL framework is totally broken and leads to dll hell. 

As I mentioned in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213442, please be patient, 6.6 release is almost there and it will be compatible with openssl 1.1.x
Comment 18 Sacha 2019-10-15 15:26:51 UTC
(In reply to Dima Panov from comment #17)
absolutely Dima, thanks for the info !
Comment 19 Ben Woods freebsd_committer 2019-10-26 14:26:41 UTC
opensmtpd 6.6.0 was just released, and supports OpenSSL 1.1
Comment 20 Dima Panov freebsd_committer 2019-10-26 16:47:30 UTC
A commit references this bug: 

Author: fluffy 
Date: Sat Oct 26 16:24:54 UTC 2019 
New revision: 515714 
URL: https://svnweb.freebsd.org/changeset/ports/515714 

- Update OpenSMTPd to 6.6.0 portable release 
This release builds with LibreSSL > 3.0.2 or OpenSSL > 1.1.0. 
FreeBSD 11.x users should update to 12.x/13.x or switch system-wide 
default ssl library to openssl111/libressl 

- Update -extras to 6.4.0 release 
Filters still missing, corresponded ports temporary markes 

PR: 213442,228937 
MFH: 2019Q4