
@woohooyeah
Last active March 24, 2018 15:33
a patch for OpenVPN 2.4.5 to prevent errors when compiling with LibreSSL 2.6.4
diff --git a/configure.ac b/configure.ac
index 88d1e09..7db5c79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -935,6 +935,18 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
EC_GROUP_order_bits
]
)
+ AC_CHECK_DECL(
+ [
+ SSL_CTX_get_min_proto_version,
+ SSL_CTX_get_max_proto_version,
+ SSL_CTX_set_min_proto_version,
+ SSL_CTX_set_max_proto_version,
+ ],
+ ,
+ ,
+ [[#include <openssl/ssl.h>]]
+
+ )
CFLAGS="${saved_CFLAGS}"
LIBS="${saved_LIBS}"
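Review bot: The added block calls `AC_CHECK_DECL` with a list of four symbols, but to my knowledge the singular macro tests a single symbol and defines no `HAVE_DECL_*` result; the list form that defines each `HAVE_DECL_<SYMBOL>` to 1 or 0 is `AC_CHECK_DECLS(`. If these macros end up undefined, every `#if !HAVE_DECL_SSL_CTX_...` guard in src/openvpn/openssl_compat.h evaluates true and the fallback protocol-version shims are compiled regardless of what the library declares. It is worth confirming in the generated config.h that all four `HAVE_DECL_SSL_CTX_*_PROTO_VERSION` entries are present after running autoconf.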
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index d375fab..340d452 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -661,7 +661,7 @@ EC_GROUP_order_bits(const EC_GROUP *group)
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
#endif
-#ifndef SSL_CTX_get_min_proto_version
+#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION
/** Return the min SSL protocol version currently enabled in the context.
* If no valid version >= TLS1.0 is found, return 0. */
static inline int
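Review bot: `#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION` treats an undefined macro as 0, so a config.h produced by a configure script that predates the new check selects the fallback silently, and the removed `#ifndef` no longer keeps it out of builds where the name is a macro; the same applies to the get_max, set_min and set_max guards in the three following hunks. These shims read and set the TLS protocol-version bounds on the context, so which implementation gets compiled should not rest on an implicit default. I would keep both conditions, `#if !defined(SSL_CTX_get_min_proto_version) && !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION`, and put a comment above each guard such as `/* HAVE_DECL_* is set by configure.ac; regenerate configure after applying this patch */`. The function bodies start or continue outside these hunks, so the fallback logic itself is not reviewed here.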
@@ -684,7 +684,7 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
}
#endif /* SSL_CTX_get_min_proto_version */
-#ifndef SSL_CTX_get_max_proto_version
+#if !HAVE_DECL_SSL_CTX_GET_MAX_PROTO_VERSION
/** Return the max SSL protocol version currently enabled in the context.
* If no valid version >= TLS1.0 is found, return 0. */
static inline int
@@ -707,7 +707,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
}
#endif /* SSL_CTX_get_max_proto_version */
-#ifndef SSL_CTX_set_min_proto_version
+#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
static inline int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
@@ -736,7 +736,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
}
#endif /* SSL_CTX_set_min_proto_version */
-#ifndef SSL_CTX_set_max_proto_version
+#if !HAVE_DECL_SSL_CTX_SET_MAX_PROTO_VERSION
/** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
static inline int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
@woohooyeah
Author

woohooyeah commented Mar 5, 2018

This is a patch for OpenVPN 2.4.5 to prevent this error when compiling with LibreSSL 2.6.4:

In file included from crypto_openssl.c:44:0:
openssl_compat.h:717:1: error: conflicting types for ‘SSL_CTX_set_min_proto_version’
 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from openssl_compat.h:45:0,
                 from crypto_openssl.c:44:
/opt/libressl-2.6.4/include/openssl/ssl.h:1175:5: note: previous declaration of ‘SSL_CTX_set_min_proto_version’ was here
 int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto_openssl.c:44:0:
openssl_compat.h:746:1: error: conflicting types for ‘SSL_CTX_set_max_proto_version’
 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from openssl_compat.h:45:0,
                 from crypto_openssl.c:44:
/opt/libressl-2.6.4/include/openssl/ssl.h:1176:5: note: previous declaration of ‘SSL_CTX_set_max_proto_version’ was here
 int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
make[3]: *** [Makefile:674: crypto_openssl.o] Error 1
make[3]: *** Waiting for unfinished jobs....
mv -f .deps/buffer.Tpo .deps/buffer.Po
mv -f .deps/comp-lz4.Tpo .deps/comp-lz4.Po
mv -f .deps/crypto.Tpo .deps/crypto.Po
make[3]: Leaving directory '/home/username/build-asp/openvpn/src/openvpn-2.4.5/src/openvpn'
make[2]: *** [Makefile:430: all-recursive] Error 1
make[2]: Leaving directory '/home/username/build-asp/openvpn/src/openvpn-2.4.5/src'
make[1]: *** [Makefile:615: all-recursive] Error 1
make[1]: Leaving directory '/home/username/build-asp/openvpn/src/openvpn-2.4.5'
make: *** [Makefile:503: all] Error 2

@woohooyeah
Author

Source here, I altered it to work with OpenVPN 2.4.5

@woohooyeah
Author

The patch only works when autoconf is actually run, because the new check lives in configure.ac (so it doesn't work for openvpn-build).
