net-misc/openconnect: Reintroduce libressl USE. #2727
Have you actually tested this? Both build time and run time? As the ebuild is currently written, I would expect configure to error out due to missing DTLS support in libressl.
Actually, LibreSSL was blacklisted in configure.ac post-7.07. My mistake.
Yeah I tested this at runtime and it worked on my end. The developer blacklisted it in this commit post 7.07: Reason being DTLSv2 is the default connection encryption scheme, which is not included in LibreSSL. That said, normal TLS does work in 7.07, and as far as I can tell, he doesn't drop TLS support in favor of just DTLS support. EDIT: Ah. In order to force LibreSSL or "broken" openssl in new versions, we need to use the configure flag The developer also included the patch I added upstream, so it seems he wants to discourage anyone from using that backend, but not break it. EDIT 2: confirmed, with
And about fixing DTLSv2 support in LibreSSL: And one of the reasons they didn't merge it is because the DTLSv2 used by openconnect is Cisco specific, and doesn't follow the spec.
Ok. Could you please make the necessary adjustments to the openconnect-9999 ebuild?
Done. Should I patch 7.06_p20160614 or just leave it as is?
You don't need to touch anything older than 7.07-r2, which is currently being stabilized.
@@ -0,0 +1,58 @@ | |||
diff --git openssl-esp.c openssl-esp.c |
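Review bot: The "diff --git openssl-esp.c openssl-esp.c" line names both paths without the a/ and b/ prefixes, which suggests the patch applies at strip level 0 rather than the usual -p1 from the source directory. Regenerating it with the standard prefixes (the default for git format-patch) would let it apply without special handling. The new 58-line file also begins directly at the diff line, so a short description and a note of the patch's origin should go above it.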
This patch is missing a descriptive header.
Please use the upstream commits as the basis for the patch(es). You can generate them using git format-patch, or by using the upstream gitweb patch function.
For example:
http://git.infradead.org/users/dwmw2/openconnect.git/patch/9c36560d3ed0aaf5d40c94fb18873584afe96cb8
That patch doesn't apply cleanly to the 7.07 release. What should I do?
In that case, you could manually add a description to your own patch, or we can just wait until the next openconnect release.
Please regen the patch(es) with a proper patch header.
Patch from voidlinux.
The libressl USE flag works on openconnect-7.06 without modification, but openconnect-7.06_p20160614 requires a patch, as does openconnect-7.07.
@floppym Is this okay? You removed the USE flag before because of a bug report.