I went a little overboard :) and created those patches. They make it possible to build the latest git sources of Openconnect against LibreSSL 2.4.2. Basically, they remove bad_dtls_test and add missing LIBRESSL_VERSION_NUMBER. I've verified that the binaries I built work and I successfully logged in to VPN using it. When connecting I get: SSL_set_session() failed with old protocol version 0x100 Are you using a version of OpenSSL older than 0.9.8m? See http://rt.openssl.org/Ticket/Display.html?id=1751 Use the --no-dtls command line option to avoid this message Set up DTLS failed; using SSL instead which is harmless Output of make check: Making check in tests make make check-TESTS PASS: lzstest PASS: seqtest ============================================================================ Testsuite summary for openconnect 7.07 ============================================================================ # TOTAL: 2 # PASS: 2 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 ============================================================================ @dwmw2 I know it's unreasonable to expect you to remove bad_dtls_test, but could you at least add the missing LIBRESSL_VERSION_NUMBER checks? On 08/31/16 07:02 PM, Bernard Spil wrote: > On 2016-08-31 15:05, David Woodhouse wrote: >> On Wed, 2016-08-31 at 15:02 +0200, Bernard Spil wrote: >>> >>> Hi, >>> >>> I heard you like git diffs. Please find a git diff against master >>> attached. >> >> Inline is also fine, although your last attempt was word-wrapped and >> didn't apply cleanly. The attachment seems to have resolved that. >> >> But there are bigger problems, I'm afraid. I've commented in >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212254#c6 > > Hi David, > > Saw that PR. Clear. Noted! > > If you need OpenConnect, pull in GnuTLS (or OpenSSL from ports if you > must). > > Cheers, > > Bernard. -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-dtls.c Type: text/x-csrc Size: 1159 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0003.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-openssl.c Type: text/x-csrc Size: 1487 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0004.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-openssl-esp.c Type: text/x-csrc Size: 636 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0005.bin> -------------- next part -------------- --- tests/Makefile.am.orig 2016-08-31 17:39:09 UTC +++ tests/Makefile.am @@ -48,17 +48,6 @@ TESTS_ENVIRONMENT = srcdir="$(srcdir)" \ noinst_PROGRAMS = lzstest seqtest -if CHECK_DTLS -noinst_PROGRAMS += bad_dtls_test -bad_dtls_test_SOURCES = bad_dtls_test.c -bad_dtls_test_CFLAGS = $(OPENSSL_CFLAGS) -bad_dtls_test_LDADD = $(OPENSSL_LIBS) - -if DTLS_XFAIL -XFAIL_TESTS = bad_dtls_test -endif -endif - TESTS = $(dist_check_SCRIPTS) $(noinst_PROGRAMS) -------------- next part -------------- --- tests/Makefile.in.orig 2016-08-31 17:39:44 UTC +++ tests/Makefile.in @@ -97,9 +97,6 @@ host_triplet = @host@ @OPENCONNECT_OPENSSL_TRUE@ $(certsdir)/user-key-pkcs8-pbes1-md5-des.pem \ @OPENCONNECT_OPENSSL_TRUE@ $(certsdir)/user-key-pkcs8-pbes1-md5-des.der noinst_PROGRAMS = lzstest$(EXEEXT) seqtest$(EXEEXT) $(am__EXEEXT_1) - at CHECK_DTLS_TRUE@am__append_2 = bad_dtls_test - at CHECK_DTLS_TRUE@@DTLS_XFAIL_TRUE at XFAIL_TESTS = \ - at CHECK_DTLS_TRUE@@DTLS_XFAIL_TRUE@ bad_dtls_test$(EXEEXT) subdir = tests ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_vscript.m4 \ @@ -114,21 +111,12 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = - at CHECK_DTLS_TRUE@am__EXEEXT_1 = bad_dtls_test$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) -am__bad_dtls_test_SOURCES_DIST = bad_dtls_test.c - at CHECK_DTLS_TRUE@am_bad_dtls_test_OBJECTS = \ - at CHECK_DTLS_TRUE@ bad_dtls_test-bad_dtls_test.$(OBJEXT) -bad_dtls_test_OBJECTS = $(am_bad_dtls_test_OBJECTS) am__DEPENDENCIES_1 = - at CHECK_DTLS_TRUE@bad_dtls_test_DEPENDENCIES = $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_ at AM_V@) am__v_lt_ = $(am__v_lt_ at AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -bad_dtls_test_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(bad_dtls_test_CFLAGS) \ - $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ lzstest_SOURCES = lzstest.c lzstest_OBJECTS = lzstest.$(OBJEXT) lzstest_LDADD = $(LDADD) @@ -170,8 +158,6 @@ AM_V_CCLD = $(am__v_CCLD_ at AM_V@) am__v_CCLD_ = $(am__v_CCLD_ at AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(bad_dtls_test_SOURCES) lzstest.c seqtest.c -DIST_SOURCES = $(am__bad_dtls_test_SOURCES_DIST) lzstest.c seqtest.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -624,9 +610,6 @@ TESTS_ENVIRONMENT = srcdir="$(srcdir)" \ top_builddir="$(top_builddir)" \ key_list="$(USER_KEYS)" - at CHECK_DTLS_TRUE@bad_dtls_test_SOURCES = bad_dtls_test.c - at CHECK_DTLS_TRUE@bad_dtls_test_CFLAGS = $(OPENSSL_CFLAGS) - at CHECK_DTLS_TRUE@bad_dtls_test_LDADD = $(OPENSSL_LIBS) TESTS = $(dist_check_SCRIPTS) $(noinst_PROGRAMS) OPENSSL = openssl OSSLARGS = -in $< -out $@ -passout pass:password @@ -674,10 +657,6 @@ clean-noinstPROGRAMS: echo " rm -f" $$list; \ rm -f $$list -bad_dtls_test$(EXEEXT): $(bad_dtls_test_OBJECTS) $(bad_dtls_test_DEPENDENCIES) $(EXTRA_bad_dtls_test_DEPENDENCIES) - @rm -f bad_dtls_test$(EXEEXT) - $(AM_V_CCLD)$(bad_dtls_test_LINK) $(bad_dtls_test_OBJECTS) $(bad_dtls_test_LDADD) $(LIBS) - lzstest$(EXEEXT): $(lzstest_OBJECTS) $(lzstest_DEPENDENCIES) $(EXTRA_lzstest_DEPENDENCIES) @rm -f lzstest$(EXEEXT) $(AM_V_CCLD)$(LINK) $(lzstest_OBJECTS) $(lzstest_LDADD) $(LIBS) @@ -692,7 +671,6 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c - at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/bad_dtls_test-bad_dtls_test.Po at am__quote@ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/lzstest.Po at am__quote@ @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/seqtest.Po at am__quote@ @@ -717,20 +695,6 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LTCOMPILE) -c -o $@ $< -bad_dtls_test-bad_dtls_test.o: bad_dtls_test.c - at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -MT bad_dtls_test-bad_dtls_test.o -MD -MP -MF $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo -c -o bad_dtls_test-bad_dtls_test.o `test -f 'bad_dtls_test.c' || echo '$(srcdir)/'`bad_dtls_test.c - at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo $(DEPDIR)/bad_dtls_test-bad_dtls_test.Po - at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bad_dtls_test.c' object='bad_dtls_test-bad_dtls_test.o' libtool=no @AMDEPBACKSLASH@ - at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ - at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -c -o bad_dtls_test-bad_dtls_test.o `test -f 'bad_dtls_test.c' || echo '$(srcdir)/'`bad_dtls_test.c - -bad_dtls_test-bad_dtls_test.obj: bad_dtls_test.c - at am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -MT bad_dtls_test-bad_dtls_test.obj -MD -MP -MF $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo -c -o bad_dtls_test-bad_dtls_test.obj `if test -f 'bad_dtls_test.c'; then $(CYGPATH_W) 'bad_dtls_test.c'; else $(CYGPATH_W) '$(srcdir)/bad_dtls_test.c'; fi` - at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bad_dtls_test-bad_dtls_test.Tpo $(DEPDIR)/bad_dtls_test-bad_dtls_test.Po - at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bad_dtls_test.c' object='bad_dtls_test-bad_dtls_test.obj' libtool=no @AMDEPBACKSLASH@ - at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ - at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bad_dtls_test_CFLAGS) $(CFLAGS) -c -o bad_dtls_test-bad_dtls_test.obj `if test -f 'bad_dtls_test.c'; then $(CYGPATH_W) 'bad_dtls_test.c'; else $(CYGPATH_W) '$(srcdir)/bad_dtls_test.c'; fi` - mostlyclean-libtool: -rm -f *.lo @@ -958,13 +922,6 @@ seqtest.log: seqtest$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -bad_dtls_test.log: bad_dtls_test$(EXEEXT) - @p='bad_dtls_test$(EXEEXT)'; \ - b='bad_dtls_test'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) .test.log: @p='$<'; \ $(am__set_b); \ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160831/c32b72d8/attachment-0001.sig>
