Opened 3 years ago

Closed 3 years ago

#21359 closed defect (fixed)

Build with opaque LibreSSL

Reported by: rubiate Owned by:
Priority: Medium Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor Version:
Severity: Normal Keywords: 029-backport
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


LibreSSL in OpenBSD-current now has opaque structures like recent OpenSSL.

There's a few quirks to this:

LibreSSL doesn't have the SSL_get_client_ciphers() function. It's currently assumed that if OPENSSL_OPAQUE is set that function will exist.

Fixing this (probably?) shouldn't use LIBRESSL_VERSION_NUMBER because that only changes when a new versions of libresl-portable is released, so the libressl in -current with opaque structures still has the same LIBRESSL_VERSION_NUMBER as the released version of LibreSSL without opaque structures.

The SSL_STATE_STR hasn't changed in LibreSSL like it apparently did in OpenSSL 1.1.0.

Child Tickets

Attachments (1)

acopaque.patch (2.1 KB) - added by rubiate 3 years ago.

Download all attachments as: .zip

Change History (6)

Changed 3 years ago by rubiate

Attachment: acopaque.patch added

comment:1 Changed 3 years ago by rubiate

Attempt at a patch. It adds an autoconf check to see if the structures are opaque or not instead of using version number checks. Is there possibly a better way to do this?

If this is the right way to go I'll create a branch with this and a changes file.

comment:2 Changed 3 years ago by nickm

Keywords: 029-backport added
Milestone: Tor: 0.3.0.x-final
Type: enhancementdefect

This looks like it's worth fixing, and conceivably backporting. Yeah, a branch would be great.

comment:3 Changed 3 years ago by rubiate

Branch is in the repo called ticket21359

Web view of commit:;a=commitdiff;h=bc22a01ade96aacd25e08e4139df8f6a2b59b890

Last edited 3 years ago by rubiate (previous) (diff)

comment:4 Changed 3 years ago by nickm

Status: newneeds_review

comment:5 Changed 3 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed

Cherry-picked to maint-0.2.9 and merged forward; thanks!

Note: See TracTickets for help on using tickets.