Message ID | 20220815132057.570981-1-fontaine.fabrice@gmail.com |
---|---|
State | Superseded |
Series | [1/1] package/uacme: ualpn needs libopenssl |
Fabrice, All, On 2022-08-15 15:20 +0200, Fabrice Fontaine spake thusly: > ualpn is not compatible with libressl as stated by upstream in > https://github.com/ndilieto/uacme/commit/32546c7caa1626bbef860cf81e53d10e29fca5cb [--SNIP--] > diff --git a/package/uacme/Config.in b/package/uacme/Config.in > index 796f54754e..2c6864871c 100644 > --- a/package/uacme/Config.in > +++ b/package/uacme/Config.in > @@ -21,6 +21,8 @@ config BR2_PACKAGE_UACME_UALPN > bool "enable ualpn" > depends on BR2_TOOLCHAIN_HAS_THREADS > select BR2_PACKAGE_LIBEV > + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL \ > + if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS) There is something a little fishy in uacme, and the order it depends on openssl, gnutls, mbedtls. So, if both mbedtls and openssl are enabled, the above will not force libopenssl, yet, openssl is used preferentially to mbedtls: 18 ifeq ($(BR2_PACKAGE_GNUTLS),y) 19 UACME_CONF_OPTS += --with-gnutls 20 UACME_DEPENDENCIES += gnutls 21 else ifeq ($(BR2_PACKAGE_OPENSSL),y) 22 UACME_CONF_OPTS += --with-openssl 23 UACME_DEPENDENCIES += openssl 24 else ifeq ($(BR2_PACKAGE_MBEDTLS),y) 25 UACME_CONF_OPTS += --with-mbedtls 26 UACME_DEPENDENCIES += mbedtls 27 endif So, this is not correct, as this could still be using libressl. I think the order in the .mk should be reversed, with openssl coming after mbedtls, so that the preference order is the same in the .mk and it is in Config.in. Regards, Yann E. MORIN. > help > Build and install ualpn, the transparent proxying tls-alpn-01 > challenge responder. > -- > 2.35.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
diff --git a/package/uacme/Config.in b/package/uacme/Config.in index 796f54754e..2c6864871c 100644 --- a/package/uacme/Config.in +++ b/package/uacme/Config.in @@ -21,6 +21,8 @@ config BR2_PACKAGE_UACME_UALPN bool "enable ualpn" depends on BR2_TOOLCHAIN_HAS_THREADS select BR2_PACKAGE_LIBEV + select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL \ + if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS) help Build and install ualpn, the transparent proxying tls-alpn-01 challenge responder.
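Review bot: the condition on the added select, `if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)`, skips forcing libopenssl whenever mbedtls is enabled, but the uacme.mk excerpt quoted in this thread picks --with-openssl ahead of --with-mbedtls, so with openssl and mbedtls both enabled ualpn can still be built against libressl and hit the SSL_CLIENT_HELLO_RETRY error shown in the commit message. Either make the backend order in uacme.mk match this condition (gnutls, then mbedtls, then openssl) or rewrite the condition to follow the current .mk order. A one-line comment above the select stating that ualpn does not build with libressl would also keep the reason visible in Config.in.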
ualpn is not compatible with libressl as stated by upstream in
https://github.com/ndilieto/uacme/commit/32546c7caa1626bbef860cf81e53d10e29fca5cb

ualpn.c: In function 'ssl_client_hello_cb':
ualpn.c:2038:16: error: 'SSL_CLIENT_HELLO_RETRY' undeclared (first use in this function); did you mean 'SSL_F_CLIENT_HELLO'?
 2038 |         return SSL_CLIENT_HELLO_RETRY;
      |                ^~~~~~~~~~~~~~~~~~~~~~
      |                SSL_F_CLIENT_HELLO

Fixes:
 - http://autobuild.buildroot.org/results/d7d49cfce6f99c59e99c8e15399164fd5ecacc21

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/uacme/Config.in | 2 ++
 1 file changed, 2 insertions(+)