Opened 4 years ago

Closed 4 years ago

#799 closed Bug / Defect (fixed)

OpenVPN 2.4.0 fails to build against LibreSSL

Reported by: cardioid Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords: openssl, libressl, crypto, ssl
Cc: Steffan Karger

Description

OpenVPN 2.4.0 fails to build against LibreSSL (tested with 2.5.0).

Steps to reproduce:

  1. Compile LibreSSL, I did this with:
    --prefix=/build/libressl/.openssl
    
  2. Check out OpenVPN from GitHub
  3. Switch to 2.4.0 release branch
  4. Generate configure
    autoreconf -vi
    
  5. Configure
    ./configure OPENSSL_SSL_LIBS="-L/build/libressl/.openssl/lib -lssl" OPENSSL_SSL_CFLAGS="-I/build/libressl/.openssl/include" OPENSSL_CRYPTO_LIBS="-L/build/libressl/.openssl/lib -lcrypto" OPENSSL_CRYPTO_CFLAGS="-I/build/libressl/.openssl/include" --disable-debug --disable-dependency-tracking --disable-silent-rules --with-crypto-library=openssl
    

Error:

...
checking for pam_start in -lpam... yes
checking for PKCS11_HELPER... no
checking for OPENSSL... no
checking for SSL_CTX_new... no
configure: error: openssl check failed
...

Everything worked fine with 2.3.9

Change History (3)

comment:1 Changed 4 years ago by Gert Döring

Cc: Steffan Karger added

The configure variables got simplified - it's no longer OPENSSL_SSL_LIB and OPENSSL_CRYPTO_LIB, but both combined into OPENSSL_LIBS=... and OPENSSL_CFLAGS=...

Please test and report back :-)

comment:2 Changed 4 years ago by cardioid

Thank you @syzzer!
This works fine:

./configure OPENSSL_LIBS="-L/build/libressl/.openssl/lib -lssl -lcrypto" OPENSSL_CFLAGS="-I/build/libressl/.openssl/include" --disable-debug --disable-dependency-tracking --disable-silent-rules --with-crypto-library=openssl

comment:3 Changed 4 years ago by Gert Döring

Resolution: fixed
Status: new → closed

Thanks for testing and reporting back. I'm now closing this one.

There is also #794 where we discuss adding a simplified --with-ssl-dir=$basedir configure option that will do OPENSSL_LIBS/OPENSSL_CFLAGS in a single step. No decision or code has been made yet, though.
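
The variable change described in comment:1, as an added example that is not part of this ticket or the OpenVPN source: a shell helper that folds the four per-library variables used in the failing invocation into the combined OPENSSL_LIBS / OPENSSL_CFLAGS pair. The function names are hypothetical, and the helper assumes that no flag contains spaces or glob characters.

```shell
#!/bin/sh
# Added example (not OpenVPN project code): convert the per-library
# configure variables from the failing 2.3-style invocation into the
# combined OPENSSL_LIBS / OPENSSL_CFLAGS form that 2.4.0 accepts.

# merge_flags "flags a" "flags b"
# Print each whitespace-separated flag once, in first-seen order, so a
# shared -L or -I path is not repeated and -lssl stays ahead of -lcrypto.
merge_flags() {
    merged=""
    for flag in $1 $2; do
        case " $merged " in
            *" $flag "*) ;;                          # duplicate, skip it
            *) merged="${merged:+$merged }$flag" ;;  # append new flag
        esac
    done
    printf '%s\n' "$merged"
}

# openssl_configure_args
# Read the four legacy variables from the environment and print the two
# combined assignments. Returns 1 and prints nothing if none is set.
openssl_configure_args() {
    legacy="${OPENSSL_SSL_LIBS:-}${OPENSSL_CRYPTO_LIBS:-}"
    legacy="$legacy${OPENSSL_SSL_CFLAGS:-}${OPENSSL_CRYPTO_CFLAGS:-}"
    if [ -z "$legacy" ]; then
        return 1
    fi
    libs=$(merge_flags "${OPENSSL_SSL_LIBS:-}" "${OPENSSL_CRYPTO_LIBS:-}")
    cflags=$(merge_flags "${OPENSSL_SSL_CFLAGS:-}" "${OPENSSL_CRYPTO_CFLAGS:-}")
    printf 'OPENSSL_LIBS="%s" OPENSSL_CFLAGS="%s"\n' "$libs" "$cflags"
}

# Sample input: the values from the failing ./configure line in the
# ticket description.
OPENSSL_SSL_LIBS="-L/build/libressl/.openssl/lib -lssl"
OPENSSL_SSL_CFLAGS="-I/build/libressl/.openssl/include"
OPENSSL_CRYPTO_LIBS="-L/build/libressl/.openssl/lib -lcrypto"
OPENSSL_CRYPTO_CFLAGS="-I/build/libressl/.openssl/include"

# Prints the two assignments to pass to ./configure.
openssl_configure_args
```
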
