@woohooyeah
Last active March 24, 2018 16:51
a patch for OpenVPN 2.4.5 to prevent errors when compiling with LibreSSL 2.7.0/2.7.1
--- src/openvpn/openssl_compat.h 2018-03-23 21:15:33.469068148 +0100
+++ src/openvpn/openssl_compat.h 2018-03-23 21:21:55.194909901 +0100
@@ -661,7 +661,7 @@
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT
#endif
-#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION
+#if 0
/** Return the min SSL protocol version currently enabled in the context.
* If no valid version >= TLS1.0 is found, return 0. */
static inline int
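Review bot: The replacement guard `#if 0` removes the fallback `SSL_CTX_get_min_proto_version` for every TLS library, not only for LibreSSL 2.7.0/2.7.1, so a build against a library that lacks the function loses its definition. Suggest keeping the original test and adding a library check, for example `#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)`.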
@@ -684,7 +684,7 @@
}
#endif /* SSL_CTX_get_min_proto_version */
-#if !HAVE_DECL_SSL_CTX_GET_MAX_PROTO_VERSION
+#if 0
/** Return the max SSL protocol version currently enabled in the context.
* If no valid version >= TLS1.0 is found, return 0. */
static inline int
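Review bot: Missing documentation at the new `#if 0`: nothing records why the max-version getter is compiled out, and the closing `#endif /* SSL_CTX_get_max_proto_version */` comment no longer describes the condition it ends. Add a one-line comment naming the LibreSSL versions that trigger the conflict, so the block is not later deleted as dead code or re-enabled by mistake.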
@@ -711,7 +711,7 @@
}
#endif /* SSL_CTX_get_max_proto_version */
-#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION
+#if 0
/** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
static inline int
SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
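Review bot: The removed line `#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION` is a configure-time detection result, and hard-coding `#if 0` discards it in the header instead of correcting the detection. The retained comment says this shim exists for OpenSSL < 1.1, and it is the call that applies the minimum TLS version there; if the macro comes out wrong for LibreSSL, fix or predefine the macro for that build and leave the guard as it was.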
@@ -740,7 +740,7 @@
}
#endif /* SSL_CTX_set_min_proto_version */
-#if !HAVE_DECL_SSL_CTX_SET_MAX_PROTO_VERSION
+#if 0
/** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
static inline int
SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
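Review bot: Style point: this is the fourth identical `#if 0` edit in the file, one per accessor. Define a single macro near the top of `openssl_compat.h` (a hypothetical name such as `OPENVPN_NEED_PROTO_VERSION_COMPAT`) that encodes when the library lacks the min/max protocol version getters and setters, and test that macro in all four guards so the condition is stated once.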

woohooyeah commented Mar 24, 2018

Another version of this patch (different function names):

--- src/openvpn/openssl_compat.h	2018-03-24 15:10:13.247855613 +0100
+++ src/openvpn/openssl_compat.h	2018-03-24 15:11:56.094324516 +0100
@@ -661,7 +661,7 @@
 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT       RSA_F_RSA_EAY_PRIVATE_ENCRYPT
 #endif
 
-#ifndef SSL_CTX_get_min_proto_version
+#if 0
 /** Return the min SSL protocol version currently enabled in the context.
  *  If no valid version >= TLS1.0 is found, return 0. */
 static inline int
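Review bot: The removed guard `#ifndef SSL_CTX_get_min_proto_version` only detects a preprocessor macro, so it stays true when a library declares the accessor as an ordinary function, and the inline definition then collides with that declaration. `#if 0` avoids the collision but also drops the fallback for libraries that provide neither a macro nor a function; keep the `#ifndef` and add a test on the library version next to it rather than disabling the block outright.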
@@ -684,7 +684,7 @@
 }
 #endif /* SSL_CTX_get_min_proto_version */
 
-#ifndef SSL_CTX_get_max_proto_version
+#if 0
 /** Return the max SSL protocol version currently enabled in the context.
  *  If no valid version >= TLS1.0 is found, return 0. */
 static inline int
@@ -711,7 +711,7 @@
 }
 #endif /* SSL_CTX_get_max_proto_version */
 
-#ifndef SSL_CTX_set_min_proto_version
+#if 0
 /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
 static inline int
 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
@@ -740,7 +740,7 @@
 }
 #endif /* SSL_CTX_set_min_proto_version */
 
-#ifndef SSL_CTX_set_max_proto_version
+#if 0
 /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
 static inline int
 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
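
Review bot: With this last guard set to `#if 0`, none of the four accessors is defined in the header any more, so every call to them must resolve against the TLS library at link time, and a build linked against a library that does not export them ends in undefined references. Document which LibreSSL versions this variant of the patch supports, and check that the headers and the library used for a cross build come from the same release.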


woohooyeah commented Mar 24, 2018

Tried to use this patch with my openvpn-build fork, but for some reason it still complains about missing symbols in the link phase when cross-compiling (for win64), and in that situation autoconf is not called (so I'm unable to use the patch which I used when building with LibreSSL 2.6.4).
