Open strongswan bugs
Franco Fichtner
franco at lastsummer.de
Sun Mar 10 07:23:51 UTC 2019
Hi,
> On 9. Mar 2019, at 11:46 AM, Kurt Jaeger <pi at FreeBSD.org> wrote:
>
>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212149
>
> I'm unsure about closing this one. Right now strongswan does not
> build with libressl, right ?
It's tricky. LibreSSL is not supported and currently the only
way to make it build is modify the opensslv.h file in LibreSSL
to emit a "compatible" version number since StrongSwan only
uses version checks to figure out features. So this is in
all likeliness a larger upstream issue.
https://wiki.strongswan.org/issues/2495
https://wiki.strongswan.org/issues/2165
> Either the FreeBSD port adds patches to allow build with libressl,
> or upstream does it, otherwise that PR is just unresolved, and
> has to stay open.
Ah, okay, then it should stay open indeed.
>> LibreSSL support in StrongSwan is nonexistent, a patch
>> set for interested parties can be found at:
>>
>> https://github.com/opnsense/ports/blob/master/security/strongswan/Makefile#L126-L131
>
> So, does the maintainer approve that patch ?
See above, requires fudging the OPENSSL_VERSION_NUMBER via
libressl port include file:
https://github.com/opnsense/ports/blob/master/security/libressl/files/patch-include_openssl_opensslv.h
It looks like too much trickery for useful FreeBSD inclusion
although the end result is a working StrongSwan port.
Cheers,
Franco
More information about the freebsd-ports
mailing list