Updating from openssl 1.0.2t to openssl 1.1.1, re-compiling sendmail to support sasl and sendmail fails to compile with tls errors: cc -O2 -pipe -march=nocona -I/usr/src/contrib/sendmail/src -I/usr/src/contrib/sendmail/include -I. -DNEWDB -DNIS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -DTCPWRAPPERS -I/usr/local/include -DSASL=2 -D_FFR_SMTP_SSL -g -MD -MF.depend.tls.o -MTtls.o -std=gnu99 -fstack-protector-strong -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-typedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -Qunused-arguments -c /usr/src/contrib/sendmail/src/tls.c -o tls.o /usr/src/contrib/sendmail/src/tls.c:70:4: error: incomplete definition of type 'struct dh_st' dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:71:4: error: incomplete definition of type 'struct dh_st' dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:72:9: error: incomplete definition of type 'struct dh_st' if ((dh->p == NULL) || (dh->g == NULL)) ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:72:28: error: incomplete definition of type 'struct dh_st' if ((dh->p == NULL) || (dh->g == NULL)) ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:123:4: error: incomplete definition of type 'struct dh_st' dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:124:4: error: incomplete definition of type 'struct dh_st' dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:125:9: error: incomplete definition of type 'struct dh_st' if ((dh->p == NULL) || (dh->g == NULL)) ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:125:28: error: incomplete definition of type 'struct dh_st' if ((dh->p == NULL) || (dh->g == NULL)) ~~^ /usr/local/include/openssl/ossl_typ.h:104:16: note: forward declaration of 'struct dh_st' typedef struct dh_st DH; ^ /usr/src/contrib/sendmail/src/tls.c:929:22: warning: implicit declaration of function 'BIO_s_file_internal' is invalid in C99 [-Wimplicit-function-declaration] crl_file = BIO_new(BIO_s_file_internal()); ^ /usr/src/contrib/sendmail/src/tls.c:929:22: warning: incompatible integer to pointer conversion passing 'int' to parameter of type 'const BIO_METHOD *' (aka 'const struct bio_method_st *') [-Wint-conversion] crl_file = BIO_new(BIO_s_file_internal()); ^~~~~~~~~~~~~~~~~~~~~ /usr/local/include/openssl/bio.h:548:32: note: passing argument to parameter 'type' here BIO *BIO_new(const BIO_METHOD *type); ^ /usr/src/contrib/sendmail/src/tls.c:1006:17: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations] (rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, ^ /usr/local/include/openssl/rsa.h:234:1: note: 'RSA_generate_key' has been explicitly marked deprecated here DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void ^ /usr/local/include/openssl/opensslconf.h:170:34: note: expanded from macro 'DEPRECATEDIN_0_9_8' # define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) ^ /usr/local/include/openssl/opensslconf.h:121:55: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); ^ /usr/src/contrib/sendmail/src/tls.c:1213:10: warning: 'DSA_generate_parameters' is deprecated [-Wdeprecated-declarations] dsa = DSA_generate_parameters(bits, NULL, 0, NULL, ^ /usr/local/include/openssl/dsa.h:117:1: note: 'DSA_generate_parameters' has been explicitly marked deprecated here DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, ^ /usr/local/include/openssl/opensslconf.h:170:34: note: expanded from macro 'DEPRECATEDIN_0_9_8' # define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) ^ /usr/local/include/openssl/opensslconf.h:121:55: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); ^ /usr/src/contrib/sendmail/src/tls.c:1747:12: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations] rsa_tmp = RSA_generate_key(RSA_KEYLENGTH, RSA_F4, NULL, NULL); ^ /usr/local/include/openssl/rsa.h:234:1: note: 'RSA_generate_key' has been explicitly marked deprecated here DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void ^ /usr/local/include/openssl/opensslconf.h:170:34: note: expanded from macro 'DEPRECATEDIN_0_9_8' # define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) ^ /usr/local/include/openssl/opensslconf.h:121:55: note: expanded from macro 'DECLARE_DEPRECATED' # define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); ^ /usr/src/contrib/sendmail/src/tls.c:1974:10: error: incomplete definition of type 'struct x509_store_ctx_st' if (ctx->error == X509_V_ERR_UNABLE_TO_GET_CRL) ~~~^ /usr/local/include/openssl/ossl_typ.h:128:16: note: forward declaration of 'struct x509_store_ctx_st' typedef struct x509_store_ctx_st X509_STORE_CTX; ^ /usr/src/contrib/sendmail/src/tls.c:1976:7: error: incomplete definition of type 'struct x509_store_ctx_st' ctx->error = 0; ~~~^ /usr/local/include/openssl/ossl_typ.h:128:16: note: forward declaration of 'struct x509_store_ctx_st' typedef struct x509_store_ctx_st X509_STORE_CTX; ^ 5 warnings and 10 errors generated. *** Error code 1 Stop. make: stopped in /usr/src/usr.sbin/sendmail
Could you clarify "Updating from openssl 1.0.2t to openssl 1.1.1" Do you mean security/openssl port? Can you please provide more information including: - Exact FreeBSD version (uname -a) - make.conf / src.conf / kernel configuration (as attachments) - If using the openssl port, details on how you are setting/invoking the base build to use it
Well just upgraded from 11.2-RELEASE to 11.3-RELEASE, using GENERIC kernel: uname -a: FreeBSD host.ee.ryerson.ca 11.3-RELEASE-p5 FreeBSD 11.3-RELEASE-p5 #0: Tue Nov 12 08:59:04 UTC 2019 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 did portsnap fetch update cd /usr/ports/security/openssl make deinstall clean install pkg info |grep openssl # pkg info |grep openssl openssl-1.1.1d,1 TLSv1.3 capable SSL and crypto library # grep -v "^#" /etc/make.conf CPUTYPE?=nocona SENDMAIL_MC=/etc/mail/mailhost.mc SENDMAIL_CFLAGS=-I/usr/local/include -DSASL=2 SENDMAIL_LDFLAGS=-L/usr/local/lib SENDMAIL_LDADD=-lsasl2 SENDMAIL_CFLAGS+= -D_FFR_SMTP_SSL SVN_UPDATE=YES DEFAULT_VERSIONS+= ssl=openssl Using default src.conf ie: # ls -l /etc/src.conf ls: /etc/src.conf: No such file or directory With regards to the steps to reproduce, simply followed handbook: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/SMTP-Auth.html # cd /usr/src/lib/libsmutil # make cleandir && make obj && make # cd /usr/src/lib/libsm # make cleandir && make obj && make # cd /usr/src/usr.sbin/sendmail # make cleandir && make obj && make && make install On the last make (prior to make install) sendmail fails to compile on the file tls.c as listed in first posting.
I ran into the same problem while upgrading from 11.3 to 11.4. The problem seems to be related to also compiling SASL in. As soon as I removed all Sendmail SASL related defines from /etc/make.conf, it compiled fine.
The problem is that Handbook instructions for Sendmail+SSL for 11.3-RELEASE became outdated. The Handbook was fixed before 11.4-RELEASE. *** This bug has been marked as a duplicate of bug 244937 ***