Bug 228937 - mail/opensmtpd: Fails to build with OpenSSL 1.1
Summary: mail/opensmtpd: Fails to build with OpenSSL 1.1
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dima Panov
Depends on:
Blocks: 228865 231931
  Show dependency treegraph
Reported: 2018-06-12 14:21 UTC by Bernard Spil
Modified: 2019-06-30 07:12 UTC (History)
6 users (show)

See Also:
bugzilla: maintainer-feedback? (fluffy)


Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2018-06-12 14:21:59 UTC
> checking LibreSSL header version... 1010008f (OpenSSL 1.1.0h  27 Mar 2018)
> checking LibreSSL library version... 1010008f (OpenSSL 1.1.0h  27 Mar 2018)
>  checking whether LibreSSL's headers match the library... no
> configure: error: Your LibreSSL headers do not match your library. Check config.log for details.

During BSDCan 2018 the intention to update OpenSSL in base to 1.1.x branch was documented.

Intention is to update 12-STABLE to current 1.1.0 and subsequently update it to 1.1.1 when that is released.

Poudriere log: https://keg.brnrd.eu/data/111amd64-default-openssl110/2018-06-11_10h42m37s/logs/errors/opensmtpd-5.9.2p1_6,1.log
Comment 1 Dima Panov freebsd_committer 2018-07-11 05:02:26 UTC
OpenSSL 1.1 still officially unsupported by OpenSMTPd author yet. But promised to be done in next major release :(
Comment 2 Bernard Spil freebsd_committer 2018-07-12 12:07:21 UTC
We better mark it broken then until it's fixed.
Comment 4 Charlie Li 2018-11-09 15:19:46 UTC
Unfortunately, after marking this BROKEN in ports r484257, this refuses to build even for those of us using ssl=libressl{,-devel}. Not sure if there's a good way to except these cases, however.
Comment 5 Kamigishi Rei 2018-12-12 10:03:49 UTC
According to https://github.com/OpenSMTPD/OpenSMTPD/issues/738#issuecomment-435335496 OpenSSL 1.1.x will not be officially supported.
Comment 6 Henrik Hudson 2018-12-18 00:19:27 UTC
Would it not be possible to do like OpenNTPD does and just statically link against libressl? I'm no expert, but just wondering.

from openntpd Makefile:

# Requires libtls from LibreSSL
.if ${SSL_DEFAULT:Mlibressl*}
CPPFLAGS+=              -I${OPENSSLINC}
LDFLAGS+=               -L${OPENSSLLIB}
BUILD_DEPENDS+=         ${NONEXISTENT}:security/libressl:stage
CPPFLAGS+=              -I${WRKDIR}/libressl/include
LDFLAGS+=               -L${WRKDIR}/libressl/lib
Comment 7 Dima Panov freebsd_committer 2018-12-18 10:18:54 UTC
(In reply to Henrik Hudson from comment #6)

This trick will not work because of libevent which is linked with base openssl by default
Comment 8 Pietro Cerutti freebsd_committer 2018-12-20 10:14:06 UTC
Can we please at least unbreak for those who use libressl as a default?

This works for me (tm):

Index: Makefile
--- Makefile    (revision 487802)
+++ Makefile    (working copy)
@@ -60,7 +60,9 @@

 .include <bsd.port.pre.mk>

-.if ${OPSYS} == FreeBSD && ${OSVERSION} > 1200084
+.if ${OPSYS} == FreeBSD && \
+    ((${OSVERSION} > 1200084 && ${SSL_DEFAULT} == "base") || \
+    (${SSL_DEFAULT} == "openssl111"))
 BROKEN=                Incompatible with Openssl 1.1.x yet
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2019-06-29 08:13:29 UTC
(In reply to Pietro Cerutti from comment #8)

Please attach your proposed change as an attachment with maintainer-approval ? >maintainer-email>

That way maintainer timeouts can apply
Comment 11 Pietro Cerutti freebsd_committer 2019-06-30 07:10:34 UTC
Apologies - I forgot to track this properly (or was I on vacation?). My patch was committed by fluffy@ as rr488057 on 12/22/18.
Comment 12 Pietro Cerutti freebsd_committer 2019-06-30 07:12:19 UTC
Well, actually this remains open. My patch fixes the build with LibreSSL. OpenSSL 1.1 is still broken.