Date: Sun, 10 Mar 2019 08:23:41 +0100 From: Franco Fichtner <franco@lastsummer.de> To: Kurt Jaeger <pi@FreeBSD.org> Cc: FreeBSD Ports <ports@freebsd.org>, "strongswan@nanoteq.com" <strongswan@nanoteq.com> Subject: Re: Open strongswan bugs Message-ID: <B237D193-687A-452A-A152-E329AA503A8F@lastsummer.de> In-Reply-To: <20190309104634.GB5474@home.opsec.eu> References: <3BA04555-E55B-4180-939B-6884E15E41D8@lastsummer.de> <20190309104634.GB5474@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, > On 9. Mar 2019, at 11:46 AM, Kurt Jaeger <pi@FreeBSD.org> wrote: >=20 >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D212149 >=20 > I'm unsure about closing this one. Right now strongswan does not > build with libressl, right ? It's tricky. LibreSSL is not supported and currently the only way to make it build is modify the opensslv.h file in LibreSSL to emit a "compatible" version number since StrongSwan only uses version checks to figure out features. So this is in all likeliness a larger upstream issue. https://wiki.strongswan.org/issues/2495 https://wiki.strongswan.org/issues/2165 > Either the FreeBSD port adds patches to allow build with libressl, > or upstream does it, otherwise that PR is just unresolved, and > has to stay open. Ah, okay, then it should stay open indeed. >> LibreSSL support in StrongSwan is nonexistent, a patch >> set for interested parties can be found at: >>=20 >> = https://github.com/opnsense/ports/blob/master/security/strongswan/Makefile= #L126-L131 >=20 > So, does the maintainer approve that patch ? See above, requires fudging the OPENSSL_VERSION_NUMBER via libressl port include file: = https://github.com/opnsense/ports/blob/master/security/libressl/files/patc= h-include_openssl_opensslv.h It looks like too much trickery for useful FreeBSD inclusion although the end result is a working StrongSwan port. Cheers, Franco
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B237D193-687A-452A-A152-E329AA503A8F>