[openssl-users] OpenSSL and dependencies such as openssh

The Doctor doctor at doctor.nl2k.ab.ca
Tue Jan 5 22:33:50 UTC 2016


On Tue, Jan 05, 2016 at 09:19:32AM -0700, The Doctor wrote:
> On Mon, Jan 04, 2016 at 07:22:04PM +0000, Viktor Dukhovni wrote:
> > On Mon, Jan 04, 2016 at 09:08:31AM -0700, The Doctor wrote:
> > 
> > >                 if ((rc = fprintf(fd ,"%08x (%s)\n", SSLeay(),
> > >                     SSLeay_version(SSLEAY_VERSION))) <0)
> > > 
> > > Could there be anything that is causing openssh not to see the new openssl 1.1 
> > 
> > The above. The SSLeay names are gone.  The new way is:
> > 
> > 	     if ((rc = fprintf(fd ,"%08x (%s)\n", OpenSSL_version_num(),
> > 		 OpenSSL_version(OPENSSL_VERSION))) <0)
> > 
> > I think it is likely prudent at this time to restore source-
> > backwards-compatible behaviour, by adding to <openssl/crypto.h>:
> > 
> >     #if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < 0x10100000L
> >     # include <openssl/opensslv.h>
> >     # define SSLeay                  OpenSSL_version_num
> >     # define SSLeay_version          OpenSSL_version
> >     # define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
> >     # define SSLEAY_VERSION          OPENSSL_VERSION
> >     # define SSLEAY_CFLAGS           OPENSSL_CFLAGS
> >     # define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
> >     # define SSLEAY_PLATFORM         OPENSSL_PLATFORM
> >     # define SSLEAY_DIR              OPENSSL_DIR
> >     #endif /* OPENSSL_API_COMPAT */
> > 
> > Users who want to make sure they are avoiding interfaces that are
> > deprecated with 1.1.0 can set OPENSSL_API_COMPAT to 0x10100000L or
> > higher as appropriate.
> 
> 
> Tip of the iceberg.
> 
> A number of changes need to be committed before launching.
> 
> From inn:
> 
> tls.o: In function `tmp_dh_cb':
> /usr/source/inn-CURRENT-20160105/nnrpd/tls.c:219: undefined reference to `DH_generate_parameters'
> tls.o: In function `tls_init_serverengine':
> /usr/source/inn-CURRENT-20160105/nnrpd/tls.c:498: undefined reference to `SSLv23_server_method'
> gmake[1]: *** [nnrpd] Error 1              
> 
> so 219 and that area gives us
> 
>  default:
>                 /* We should check current keylength vs. requested keylength
>                  * also, this is an extremely expensive operation! */
>                 dh = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
>                 r = dh;   
> 
> I just comment these 2 lines out for now
> 
> line 498  is
> 
> CTX = SSL_CTX_new(SSLv23_server_method());
> 
> I just replace as follows
> 
>    CTX = SSL_CTX_new(TLS_server_method());
> 
> A better fix is needed.
> 
> And there is Apache 2.4
> 
> Making all in support
> /usr/source/httpd-2.4.18/srclib/apr/libtool --silent --mode=link /usr/bin/gcc -std=gnu99  -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wpointer-arith -Wformat -Wformat-security  -Wall -g -O2 -L/usr/contrib/lib -lssl -lcrypto -lpthread        -o ab -static ab.lo   -L/usr/lib -lc -lm -ldl -liconv -lintl -lutil -ldb -levent   /usr/source/httpd-2.4.18/srclib/apr-util/libaprutil-1.la -lexpat /usr/source/httpd-2.4.18/srclib/apr/libapr-1.la -lpthread -lm
> ab.o: In function `test':
> /usr/source/httpd-2.4.18/support/ab.c:1863: undefined reference to `SSL_state' 
> 
> and this piece of code is
> 
>                         set_conn_state(c, STATE_CONNECTED);
> #ifdef USE_SSL
>                         if (c->ssl)
>                             ssl_proceed_handshake(c);
>                         else
> #endif
>                         write_request(c);  
> 
> Looks like a lot of rewriting to do.
> 
>

Here is one from bind-9.6-ESV-R11 (Yes this branch is no longer supported)

libtool: link: /usr/bin/gcc -g -O2 -Wall -I/usr/contrib/include/libxml2 -o named builtin.o client.o config.o control.o controlconf.o interfacemgr.o listenlist.o log.o logconf.o main.o notify.o query.o server.o sortlist.o statschannel.o tkeyconf.o tsigconf.o update.o xfrout.o zoneconf.o lwaddr.o lwresd.o lwdclient.o lwderror.o lwdgabn.o lwdgnba.o lwdgrbn.o lwdnoop.o lwsearch.o unix/os.o  ../../lib/lwres/.libs/liblwres.a -L/usr/contrib/lib -L/usr/lib ../../lib/dns/.libs/libdns.a ../../lib/bind9/.libs/libbind9.a /usr/source/bind-9.6-ESV-R11/lib/isccfg/.libs/libisccfg.a ../../lib/isccfg/.libs/libisccfg.a /usr/source/bind-9.6-ESV-R11/lib/dns/.libs/libdns.a /usr/source/bind-9.6-ESV-R11/lib/isccc/.libs/libisccc.a -lcrypto ../../lib/isccc/.libs/libisccc.a /usr/source/bind-9.6-ESV-R11/lib/isc/.libs/libisc.a ../../lib/isc/.libs/libisc.a /usr/contrib/lib/libxml2.so /usr/contrib/lib/liblzma.so -lz -lpthread /usr/lib/libiconv.so -lm -ldl -Wl,-rpath -Wl,/usr/contrib/lib -Wl,-rpath -Wl,/usr/contrib/lib
../../lib/dns/.libs/libdns.a(openssl_link.o): In function `dst__openssl_init':
/usr/source/bind-9.6-ESV-R11/lib/dns/openssl_link.c:171: undefined reference to `CRYPTO_set_id_callback'
../../lib/dns/.libs/libdns.a(openssl_link.o): In function `dst__openssl_destroy':
/usr/source/bind-9.6-ESV-R11/lib/dns/openssl_link.c:304: undefined reference to `ERR_remove_state'
../../lib/dns/.libs/libdns.a(openssldh_link.o): In function `dst__openssldh_init':
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldh_link.c:624: undefined reference to `BN_init'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldh_link.c:625: undefined reference to `BN_init'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldh_link.c:626: undefined reference to `BN_init'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldh_link.c:627: undefined reference to `BN_init'
../../lib/dns/.libs/libdns.a(openssldsa_link.o): In function `openssldsa_createctx':
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldsa_link.c:65: undefined reference to `EVP_MD_CTX_create'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldsa_link.c:69: undefined reference to `EVP_dss1'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldsa_link.c:70: undefined reference to `EVP_MD_CTX_destroy'
../../lib/dns/.libs/libdns.a(openssldsa_link.o): In function `openssldsa_destroyctx':
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldsa_link.c:95: undefined reference to `EVP_MD_CTX_destroy'
../../lib/dns/.libs/libdns.a(opensslrsa_link.o): In function `opensslrsa_createctx':
/usr/source/bind-9.6-ESV-R11/lib/dns/opensslrsa_link.c:130: undefined reference to `EVP_MD_CTX_create'
/usr/source/bind-9.6-ESV-R11/lib/dns/opensslrsa_link.c:157: undefined reference to `EVP_MD_CTX_destroy'
../../lib/dns/.libs/libdns.a(opensslrsa_link.o): In function `opensslrsa_destroyctx':
/usr/source/bind-9.6-ESV-R11/lib/dns/opensslrsa_link.c:234: undefined reference to `EVP_MD_CTX_destroy'
*** Error code 1

Stop.
*** Error code 1

Stop.
*** Error code 1

Stop.                                              
 
> 
> 
> > 
> > -- 
> > 	Viktor.
> > _______________________________________________
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 
> -- 
> Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
> God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
> http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
> Birthdate 29 Jan 1969 Redhill, Surrey, UK

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism
Birthdate 29 Jan 1969 Redhill, Surrey, UK
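
Added example, not part of the original message and not code from OpenSSL, inn, httpd or BIND: a small triage script that reads linker output like the logs above and lists, per removed symbol, the call sites to port and the OpenSSL 1.1.0 interface to move to. It generalizes beyond the two renames Viktor gives; the other replacement names come from the OpenSSL 1.1.0 API rather than from this thread, and the sample log is excerpted from the messages above.

```python
import os
import re
from collections import defaultdict

# Removed/renamed symbols seen in this thread -> the 1.1.0 interface to use.
# Only the SSLeay and TLS_server_method rows are stated in the thread itself.
REPLACEMENTS = {
    "SSLeay": "OpenSSL_version_num()",
    "SSLeay_version": "OpenSSL_version()",
    "SSLv23_server_method": "TLS_server_method()",
    "DH_generate_parameters": "DH_generate_parameters_ex() on a DH_new() object",
    "SSL_state": "SSL_get_state()",
    "BN_init": "BN_new()/BN_free(); BIGNUM is opaque in 1.1.0",
    "EVP_MD_CTX_create": "EVP_MD_CTX_new()",
    "EVP_MD_CTX_destroy": "EVP_MD_CTX_free()",
    "EVP_dss1": "EVP_sha1()",
    "CRYPTO_set_id_callback": "drop the call; 1.1.0 handles locking itself",
    "ERR_remove_state": "drop the call; error state is freed on thread exit",
}

# GNU ld format: <path>:<line>: undefined reference to `<symbol>'
UNDEF = re.compile(r"(\S+):(\d+): undefined reference to `(\w+)'")

def triage(log):
    """Map each unresolved symbol to the (file, line) call sites to port."""
    sites = defaultdict(list)
    for raw in log.splitlines():
        m = UNDEF.search(raw)  # 'In function' and make error lines do not match
        if m:
            path, line, sym = m.groups()
            sites[sym].append((os.path.basename(path), int(line)))
    return dict(sites)

def report(log):
    """One line per symbol: call sites, then the suggested 1.1.0 replacement."""
    out = []
    for sym, where in sorted(triage(log).items()):
        hint = REPLACEMENTS.get(sym, "not in table; check the 1.1.0 CHANGES file")
        out.append(f"{sym} [{', '.join(f'{f}:{n}' for f, n in where)}] -> {hint}")
    return out

# Sample input: lines excerpted from the build logs quoted in this thread.
SAMPLE_LOG = """\
tls.o: In function `tmp_dh_cb':
/usr/source/inn-CURRENT-20160105/nnrpd/tls.c:219: undefined reference to `DH_generate_parameters'
/usr/source/inn-CURRENT-20160105/nnrpd/tls.c:498: undefined reference to `SSLv23_server_method'
/usr/source/httpd-2.4.18/support/ab.c:1863: undefined reference to `SSL_state'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldh_link.c:624: undefined reference to `BN_init'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldh_link.c:625: undefined reference to `BN_init'
/usr/source/bind-9.6-ESV-R11/lib/dns/openssldsa_link.c:69: undefined reference to `EVP_dss1'
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Symbols missing from the table are reported rather than guessed at, so a new link failure shows up as an explicit gap instead of a silent pass.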

