-
Notifications
You must be signed in to change notification settings - Fork 840
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't build with LibreSSL 2.7.0 #1706
Comments
Maybe it works if apply 3 patches below: diff --git a/include/h2o/openssl_backport.h b/include/h2o/openssl_backport.h
index b24440e..b59a519 100644
--- a/include/h2o/openssl_backport.h
+++ b/include/h2o/openssl_backport.h
@@ -25,7 +25,7 @@
#include <stdlib.h>
/* backports for OpenSSL 1.0.2 */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
#define BIO_get_data(bio) ((bio)->ptr)
#define BIO_set_data(bio, p) ((bio)->ptr = (p))
@@ -57,7 +58,7 @@ static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
#endif
/* backports for OpenSSL 1.0.1 and LibreSSL */
-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
#define SSL_is_server(ssl) ((ssl)->server) diff --git a/deps/neverbleed/neverbleed.c b/deps/neverbleed/neverbleed.c
index 29b35a9..42356a6 100644
--- a/deps/neverbleed/neverbleed.c
+++ b/deps/neverbleed/neverbleed.c
@@ -547,7 +547,7 @@ static int sign_stub(struct expbuf_t *buf)
return 0;
}
-#if !OPENSSL_1_1_API
+#if !OPENSSL_1_1_API && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{ diff --git a/deps/picotls/lib/openssl.c b/deps/picotls/lib/openssl.c
index a19a29a..c4dfccb 100644
--- a/deps/picotls/lib/openssl.c
+++ b/deps/picotls/lib/openssl.c
@@ -41,13 +41,15 @@
#include "picotls.h"
#include "picotls/openssl.h"
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-#define OPENSSL_1_0_API 1
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+#define OPENSSL_1_1_API 1
+#elif defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
+#define OPENSSL_1_1_API 1
#else
-#define OPENSSL_1_0_API 0
+#define OPENSSL_1_1_API 0
#endif
-#if OPENSSL_1_0_API
+#if !OPENSSL_1_1_API
#define EVP_PKEY_up_ref(p) CRYPTO_add(&(p)->references, 1, CRYPTO_LOCK_EVP_PKEY)
#define X509_STORE_up_ref(p) CRYPTO_add(&(p)->references, 1, CRYPTO_LOCK_X509_STORE)
(Note: "H2O 2.2.4+" means "H2O 2.2.4 + patches") |
h2o/h2o#1706 (comment) Signed-off-by: AIZAWA Hina <hina@bouhime.com>
Good catch!
I've confirmed that H2O 2.2.4 and master with your patches can be built successfully with LibreSSL 2.6.3 on OpenBSD 6.2. |
Confirm that this works on FreeBSD with LibreSSL 2.7.1 |
h2o/h2o#1706 h2o/h2o#1707 h2o/h2o#1718 Signed-off-by: AIZAWA Hina <hina@bouhime.com>
I've built H2O-HEAD vanilla + LibreSSL 2.7.2 and it works. It's not released yet. Thank you @kazuho for your work. |
- LibreSSL 2.7 implements OpenSSL 1.1 API - Use patch from upstream: h2o/h2o#1706 Closes: #8329 Package-Manager: Portage-2.3.36, Repoman-2.3.9
I tried to build H2O with LibreSSL 2.7.0 that released March 21st.
Then, build process fails with error messages below.
(both master branch (commit 0376131) and H2O v2.2.4)
The release note of LibreSSL says "Added support for many OpenSSL 1.0.2 and 1.1 APIs" and it looks backport code of H2O hasn't compatible with that.
I don't think that this problem is environmental dependent, but I describe my environment.
cmake -DWITH_MRUBY=on -DCMAKE_INSTALL_PREFIX=%{_prefix} -DCMAKE_INCLUDE_PATH=%{libressl_root}/include -DCMAKE_LIBRARY_PATH=%{libressl_root}/lib
It can build with same build script with LibreSSL 2.6.4.
The text was updated successfully, but these errors were encountered: