portable
portable copied to clipboard
Published
20 hours ago •
libressl
libressl
libressl 3.7.x doesn't support SSL_set0_wbio()
When building keepalived-2.2.7 it fails because SSL_set0_wbio() is not implemented. Are there any plans for this function?
check_ssl.c: In function 'ssl_connect':
check_ssl.c:240:17: error: implicit declaration of function 'SSL_set0_wbio'; did you mean 'SSL_set0_rbio'? [-Werror=implicit-function-declaration]
240 | SSL_set0_wbio(req->ssl, req->bio);
| ^~~~~~~~~~~~~
| SSL_set0_rbio
https://github.com/acassen/keepalived/blob/292b299e8bc4227b2380af7ee17ffceaca9f5a05/keepalived/check/check_ssl.c#L263
The issue is easy to workaround.
--- a/configure.ac
+++ b/configure.ac
@@ -1327,7 +1327,7 @@ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
AC_CHECK_FUNCS([SSL_CTX_set_verify_depth])
# SSL_set0_rbio(), SSL_set0_wbio() OPENSSL_init_crypto() and TLS_method() introduced OpenSSL v1.1.0
-AC_CHECK_FUNCS([SSL_set0_rbio OPENSSL_init_crypto TLS_method])
+AC_CHECK_FUNCS([SSL_set0_rbio SSL_set0_wbio OPENSSL_init_crypto TLS_method])
# In OpenSSL v1.1.1 the call to SSL_CTX_new() fails if OPENSSL_init_crypto() has been called with
# OPENSSL_INIT_NO_LOAD_CONFIG. It does not fail in v1.1.0h and v1.1.1b.
--- a/keepalived/check/check_ssl.c
+++ b/keepalived/check/check_ssl.c
@@ -234,7 +234,7 @@ ssl_connect(thread_ref_t thread, int new_req)
BIO_get_fd(req->bio, &bio_fd);
if (fcntl(bio_fd, F_SETFD, fcntl(bio_fd, F_GETFD) | FD_CLOEXEC) == -1)
log_message(LOG_INFO, "Setting CLOEXEC failed on ssl socket - errno %d", errno);
-#ifdef HAVE_SSL_SET0_RBIO
+#if defined HAVE_SSL_SET0_RBIO && defined HAVE_SSL_SET0_WBIO
BIO_up_ref(req->bio);
SSL_set0_rbio(req->ssl, req->bio);
SSL_set0_wbio(req->ssl, req->bio);
OpenSSL documentation: https://www.openssl.org/docs/man3.1/man3/SSL_set_bio.html
Upstream hid the issue in commits https://github.com/acassen/keepalived/commit/bbec15d4781670ac1be5e543cb04543f79200e69 and https://github.com/acassen/keepalived/commit/5cb40301f5cd8fbedbb756cd3d838def7293e0bd.