Jay,
Thank you very much.  Your email helped me solve my issue.

Thanks again,
Phil

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jay Foster
Sent: Thursday, October 30, 2014 4:21 PM
To: openssl-users@openssl.org
Subject: Re: Make depend issue in Openssl-1.0.1j/ssl

I ran into this as well, but fixed it.  The issue for me was my build 
environment was for a cross compilation.  It had some extra compiler/linker 
options that caused the compiler to search the sysroot path header files 
before the ones specified by -I<path> statements.  The result was the compiler 
was using the OpenSSL header files from my tool chain instead of the ones in 
the (latest) source.  The tool chain had the previous version installed, so was 
missing the TLS_MAX_VERSION definition.

Normally, -I<path> include directives will get searched first, before any 
normal system search paths.  This will get the correct header files from the 
source tree.  If you do something like '-nostdinc -I${SYSROOT}/usr/include 
-I<path>', then the reverse will happen.  Ref 
https://gcc.gnu.org/onlinedocs/cpp/Search-Path.html.

Jay
On 10/30/2014 12:40 PM, Philip Bellino wrote:
Hello,
I am running into the following issue when I do a "make depend" (after the 
"./config shared no-ssl3"):


making depend in ssl...
make[3]: Entering directory '......./openssl-1.0.1j/ssl'
s3_lib.c:3370:4: #error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
d1_lib.c:274:4: #error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
make[3]: *** [depend] Error 1


In ssl/s3_lib.c, there is a new case statement in openssl-1.0.1j:

        case SSL_CTRL_CHECK_PROTO_VERSION:
                /* For library-internal use; checks that the current protocol
                 * is the highest enabled version (according to s->ctx->method,
                 * as version negotiation may have changed s->method). */
                if (s->version == s->ctx->method->version)
                        return 1;
                /* Apparently we're using a version-flexible SSL_METHOD
                 * (not at its highest protocol version). */
                if (s->ctx->method->version == SSLv23_method()->version)
                        {
#if TLS_MAX_VERSION != TLS1_2_VERSION
#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
#endif
                        if (!(s->options & SSL_OP_NO_TLSv1_2))
                                return s->version == TLS1_2_VERSION;
                        if (!(s->options & SSL_OP_NO_TLSv1_1))
                                return s->version == TLS1_1_VERSION;
                        if (!(s->options & SSL_OP_NO_TLSv1))
                                return s->version == TLS1_VERSION;
                        if (!(s->options & SSL_OP_NO_SSLv3))
                                return s->version == SSL3_VERSION;
                        if (!(s->options & SSL_OP_NO_SSLv2))
                                return s->version == SSL2_VERSION;
                        }
                return 0; /* Unexpected state; fail closed */

------------------------------------------------------------------------------------------------------


A grep -ri TLS_MAX_VERSION *

include/openssl/tls1.h:#define TLS_MAX_VERSION            TLS1_2_VERSION
ssl/s23_clnt.c:        /* ensure that TLS_MAX_VERSION is up-to-date */
ssl/s23_clnt.c:        OPENSSL_assert(s->version <= TLS_MAX_VERSION);
ssl/s3_lib.c:#if TLS_MAX_VERSION != TLS1_2_VERSION
ssl/tls1.h:#define TLS_MAX_VERSION            TLS1_2_VERSION

and a grep -ri DTLS_MAX_VERSION *

include/openssl/dtls1.h:#define DTLS_MAX_VERSION        DTLS1_VERSION
ssl/dtls1.h:#define DTLS_MAX_VERSION        DTLS1_VERSION
ssl/d1_lib.c:#if DTLS_MAX_VERSION != DTLS1_VERSION
ssl/d1_lib.c:        return s->version == DTLS_MAX_VERSION;


This leads me to believe that the code should never have the above error 
conditions occur, but in fact it is.

Any help would be most appreciated and I apologize if I am missing something in 
my analysis.
Thanks,
Phil
Phil Bellino
Principal Software Engineer| MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com



The contents of this message, together with any attachments, are intended only 
for the use of the person(s) to whom they are addressed and may contain 
confidential and/or privileged information. If you are not the intended 
recipient, immediately advise the sender, delete this message and any 
attachments and note that any distribution, or copying of this message, or any 
attachment, is prohibited.
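
The include-order effect Jay describes in this thread, reproduced as an added example (not part of the original messages and not OpenSSL's build system). It assumes a gcc- or clang-compatible driver reachable as $CC; the directory layout, header contents and helper function names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a stale openssl/tls1.h in a fake sysroot and a current one
# in a fake source tree. All paths and file contents below are made up.
CC=${CC:-cc}

setup_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sysroot/usr/include/openssl" "$d/src/include/openssl"
    # Toolchain copy from the previous release: no TLS_MAX_VERSION.
    printf '#define TLS1_2_VERSION 0x0303\n' \
        > "$d/sysroot/usr/include/openssl/tls1.h"
    # Source-tree copy: defines TLS_MAX_VERSION as in the grep output above.
    printf '#define TLS1_2_VERSION 0x0303\n#define TLS_MAX_VERSION TLS1_2_VERSION\n' \
        > "$d/src/include/openssl/tls1.h"
    printf '#include <openssl/tls1.h>\n' > "$d/probe.c"
    # Same guard as ssl/s3_lib.c; an undefined macro evaluates to 0 in #if.
    cat > "$d/check.c" <<'EOF'
#include <openssl/tls1.h>
#if TLS_MAX_VERSION != TLS1_2_VERSION
#  error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION.
#endif
EOF
    echo "$d"
}

# Print the tls1.h path the preprocessor actually opens for the given flags.
resolved_header() {
    dir=$1; shift
    "$CC" -M "$@" "$dir/probe.c" | tr ' \\' '\n\n' | grep 'openssl/tls1\.h$'
}

# Succeed only if the version guard preprocesses cleanly with the given flags.
guard_passes() {
    dir=$1; shift
    "$CC" -E "$@" "$dir/check.c" >/dev/null 2>&1
}

report() {
    dir=$1; label=$2; shift 2
    hdr=$(resolved_header "$dir" "$@")
    if guard_passes "$dir" "$@"; then verdict=ok; else verdict='#error fires'; fi
    printf '%-26s %s -> %s\n' "$label" "${hdr#"$dir"/}" "$verdict"
}

if command -v "$CC" >/dev/null 2>&1; then
    t=$(setup_demo)
    report "$t" '-I src, sysroot as system' -I"$t/src/include" -isystem "$t/sysroot/usr/include"
    report "$t" '-nostdinc, sysroot first' -nostdinc -I"$t/sysroot/usr/include" -I"$t/src/include"
    rm -rf "$t"
fi
```

Running the same `-M` probe with a real cross-build's CFLAGS shows which copy of a header the build will use before `make depend` is attempted.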
