On 2018/11/05 15:44, helmut.kiessl...@btinternet.com wrote: > Hi Stuat, > > Sure I will check the -current ports next - anyway below is what I have > ssl_engine_init.c file: > > 1492 X509_STORE_CTX *sctx; > 1493 X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx); > 1494 > 1495 #if OPENSSL_VERSION_NUMBER >= 0x1010100fL && > 1496 !defined(LIBRESSL_VERSION_NUMBER)
That should be on one line as in https://marc.info/?l=openbsd-bugs&m=154110428003192&w=2 > 1497 /* For OpenSSL >=1.1.1, turn on client cert support which is > 1498 * otherwise turned off by default (by design). > 1499 * https://github.com/openssl/openssl/issues/6933 */ > > Thanks, > Helmut Kiessling > > -----Original Message----- > From: Stuart Henderson <s...@spacehopper.org> > Sent: 05 November 2018 14:40 > To: helmut.kiessl...@btinternet.com > Cc: bugs@openbsd.org > Subject: Re: Apache 2.4.37 SSL_CTX_set_post_handshake_auth error > > On 2018/11/05 14:19, helmut.kiessl...@btinternet.com wrote: > > Hi Stuart, > > > > Thanks however with the those fixes mentioned in ssl_engine_init.c I > > hit the following error when compiling, any ideas? > > > > /usr/bin/libtool --silent --mode=compile cc -pthread -D_POSIX_THREADS > > -DAPR_POOL_DEBUG=1 -I. > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/os/unix > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/include > > -I/usr/local/include/apr-1/ -I/usr/local/include > > -I/usr/local/include/db4 > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/aaa > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/cache > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/core > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/database > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/filters > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ldap > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/loggers > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/lua > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/proxy > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/http2 > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/session > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ssl > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/test > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/server > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/md > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/arch/unix > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/dav/main > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/generators > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/mappers > > -prefer-pic -c ssl_engine_init.c && touch ssl_engine_init.slo > > ssl_engine_init.c:1495:45: error: expected value in expression #if > > OPENSSL_VERSION_NUMBER >= 0x1010100fL && > > ^ > > 1 error generated. > > There should be a "!defined(LIBRESSL_VERSION_NUMBER)" after the &&. > > I would suggest just building from -current ports if you're having problems. > > > Error while executing cc -pthread -D_POSIX_THREADS -DAPR_POOL_DEBUG=1 -I. > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/os/unix - > > I/root/openbsd64_distsrv_install/httpd-2.4.37/include > > -I/usr/local/include/apr-1/ -I/usr/local/include > > -I/usr/local/include/db4 -I > > /root/openbsd64_distsrv_install/httpd-2.4.37/modules/aaa > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/cache > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/core > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/database > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/filters > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ldap > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/loggers > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/lua > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/proxy > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/http2 > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/session > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/ssl > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/test > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/server > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/md > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/arch/unix > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/dav/main > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/generators > > -I/root/openbsd64_distsrv_install/httpd-2.4.37/modules/mappers -c > > ssl_engine_init.c -fPIC -DPIC -o .libs/ssl_engine_init.o > > *** Error 1 in modules/ssl > > (/root/openbsd64_distsrv_install/httpd-2.4.37/build/rules.mk:212 > > 'ssl_engine_init.slo') > > *** Error 1 in modules/ssl > > (/root/openbsd64_distsrv_install/httpd-2.4.37/build/rules.mk:140 > > 'shared-build-recursive') > > *** Error 1 in modules > > (/root/openbsd64_distsrv_install/httpd-2.4.37/build/rules.mk:140 > > 'shared-build-recursive') > > *** Error 1 in . (build/rules.mk:140 'shared-build-recursive') > > *** Error 1 in /root/openbsd64_distsrv_install/httpd-2.4.37 > > (build/rules.mk:93 'all-recursive') > > > > Thanks Again, > > Helmut Kiessling > > > > -----Original Message----- > > From: Stuart Henderson <s...@spacehopper.org> > > Sent: 01 November 2018 18:06 > > To: helmut.kiessl...@btinternet.com > > Cc: bugs@openbsd.org > > Subject: Re: Apache 2.4.37 SSL_CTX_set_post_handshake_auth error > > > > On 2018/11/01 12:58, helmut.kiessl...@btinternet.com wrote: > > > Hi, > > > > > > > > > > > > I hit the following error after building Apache 2.4.37 in OpenBSD > > > 6.4 and trying to start it: > > > > > > httpd:/usr/local/apache2/modules/mod_ssl.so: undefined symbol > > > 'SSL_CTX_set_post_handshake_auth' > > > > > > No problems with Apache 2.4.33 in the same environment. > > > > > > > > > > > > Do you guys have any ideas where I should try to find a solution for it? > > > > > > > > > > > > Many Thanks, > > > > > > Helmut Kiessling > > > > > > > The patch below is needed, I've just committed a fix to ports. > > > > Index: modules/ssl/ssl_engine_init.c > > --- modules/ssl/ssl_engine_init.c.orig > > +++ modules/ssl/ssl_engine_init.c > > @@ -1492,7 +1492,7 @@ static apr_status_t ssl_init_proxy_certs(server_rec > *s > > X509_STORE_CTX *sctx; > > X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx); > > > > -#if OPENSSL_VERSION_NUMBER >= 0x1010100fL > > +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && > > +!defined(LIBRESSL_VERSION_NUMBER) > > /* For OpenSSL >=1.1.1, turn on client cert support which is > > * otherwise turned off by default (by design). > > * https://github.com/openssl/openssl/issues/6933 */ > > > > >