Dears OpenBSD installed 24.01.2025 from image install76.img witth syspatch applied:
uname -a OpenBSD klocek.my.domain 7.6 GENERIC.MP#0 amd64 Installed from packages: easy-rsa-3.1.1 small RSA key management package openvpn-2.6.12 easy-to-use, robust, and highly configurable VPN LibreSSL from basesystem: openssl version LibreSSL 4.0.0 In such a configuration, easy-rsa gives us following errors (gen-dh, build-ca and other commands):: ./easyrsa gen-dh Easy-RSA error: Unsupported SSL library: 4 And/or: Easy-RSA error: build-ca ssl lib: 4 This is caused beacuse major version of LibreSSL (4) is unknown for easyrsa script: 886 case "$osslv_major" in 887 1) no_password='-nodes' ;; 888 2) no_password='-nodes' ;; 889 3) 890 case "$ssl_lib" in 891 openssl) no_password='-noenc' ;; 892 libressl) no_password='-nodes' ;; 893 *) die "Unsupported SSL library: $ssl_lib" 894 esac 895 ;; 896 *) die "Unsupported SSL library: $osslv_major" And: 1397 case "$osslv_major" in 1398 1399 # Version agnostic CA generation 1400 # The only remaining option which is version dependent is -nodes/-noenc 1401 1|2|3)# [SNIP] 1447 *) die "build-ca ssl lib: $osslv_major" I solved the problem by my own, by appying following chagnes: diff -ru /usr/local/share/easy-rsa/easyrsa easyrsa --- /usr/local/share/easy-rsa/easyrsa Fri Sep 27 18:40:44 2024 +++ easyrsa Mon Jan 27 09:09:10 2025 @@ -886,7 +886,7 @@ case "$osslv_major" in 1) no_password='-nodes' ;; 2) no_password='-nodes' ;; - 3) + 3|4) case "$ssl_lib" in openssl) no_password='-noenc' ;; libressl) no_password='-nodes' ;; @@ -1398,7 +1398,7 @@ # Version agnostic CA generation # The only remaining option which is version dependent is -nodes/-noenc - 1|2|3) + 1|2|3|4) # Generate CA Key case "$EASYRSA_ALGO" in rsa)as it is done within current version od easy-rsa script (3.1.8) taken straight from GitHub. With changes shown above, whole process of building tls stuff for OpenVPN, went properly. Nevertheless I expect this bug is not the only thing in easy rsa script, that requires maintenance. Please, review easy-rsa package. WIth regards Grzegorz Świtkowski
