[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: Porting conserver to OpenSSL 1.1

Chris solo-conserver@goeswhere.com
Sat, 29 Jul 2017 12:07:47 GMT

On Fri, Jul 28, 2017 at 12:00:55PM -0400, John Stoffel wrote:
> Can you give more details on your evironment, and the exact version of
> openssl you have installed?

The packages installed are: https://paste.debian.net/978748/

libssl-dev/unstable,now 1.1.0f-3 amd64 [installed]

The build is being done in a Debian Sid chroot, which is how Debian
packages are typically developed. It's essentially the most minimal
environment in which you could expect things to build; minimal other
distractions, and a really good idea about exactly what has changed.
In this environment, conserver's tests pass fine with openssl 1.0.
The easiest way to simulate this on other systems is probably with
Docker, instead of trying to use pbuilder:

Start a Debian Sid container, interactively:
$ docker run -it debian:sid

And, inside, download the dependencies, the code, then try and build:

apt update && \
  apt upgrade --yes && \
  apt install --yes git ca-certificates debhelper build-essential && \
  apt install --yes libpam0g-dev libwrap0-dev libssl-dev && \
  git clone https://github.com/FauxFaux/conserver && \
  cd conserver && \
  autoreconf -fvi && \
  ./configure --with-openssl && \
  make && \
  make test

> Also, looking at your patch, I see that you removed DH_new() call, but
> never replaced it.  So I wonder if that's part of the problem?

The DH_new() call has been moved down the method, to make the error handling
easier. But, it can't be the problem anyway: the new code is never hit; the
log statement in `TmpDHCallback` is never reached, so the new code cannot
be the problem.