Hi
This updates librelp to version 1.9.0. The changelog can be found here:
https://github.com/rsyslog/librelp/blob/master/ChangeLog
Many changes are related to TLS and openssl. I had to add a patch to make
it compile with libressl.
Running the tests shows that librelp does not work with libressl. Most TLS
tests run twice: once with gnutls and once with openssl. The runs with
openssl fail.
Most of the failures look like this:
send: authentication error 'Certificate error in verify_callback at depth: 1
issuer = /CN=rsyslog ca/OU=Adiscon/O=Adiscon
GmbH/L=Grossrinderfeld/ST=BW/C=DE/DC=rsyslog
subject = /CN=rsyslog ca/OU=Adiscon/O=Adiscon
GmbH/L=Grossrinderfeld/ST=BW/C=DE/DC=rsyslog
err 53:unsupported or invalid name syntax
', object 'unsupported or invalid name syntax'
The certificate used by the test with the above error is this one:
https://github.com/rsyslog/librelp/tree/master/tests/tls-certs/cert.pm
rsyslogd is the user of librelp and our package is linked against gnutls
and therefore not directly affected by these failures with libressl.
I verified that rsyslogd in ports can still send messages with omrelp and
tls=on. The rsyslogd package needs to be rebuilt (library version).
Comments, hints, OKs?
Remi
Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/librelp/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile 25 Aug 2020 05:48:54 -0000 1.17
+++ Makefile 7 Feb 2021 10:42:03 -0000
@@ -2,9 +2,9 @@
COMMENT = reliable event logging protocol library
-DISTNAME = librelp-1.6.0
+DISTNAME = librelp-1.9.0
-SHARED_LIBS += relp 4.0 # 5.0
+SHARED_LIBS += relp 5.0 # 5.0
CATEGORIES = sysutils
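Review bot: The trailing comment on the SHARED_LIBS line stays at "# 5.0" while the version moves from 4.0 to 5.0. Please confirm that 5.0 is still the version the 1.9.0 build reports and update the comment if upstream's number has moved. The major bump itself matches the remark in the mail that rsyslogd has to be rebuilt.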
@@ -15,7 +15,7 @@ MAINTAINER = Remi Locherer <remi@openbsd
# GPLv3+
PERMIT_PACKAGE = Yes
-WANTLIB = ffi gmp gnutls hogweed iconv idn2 intl nettle p11-kit pthread
+WANTLIB = gmp gnutls hogweed iconv idn2 intl nettle p11-kit pthread
WANTLIB += tasn1 unistring crypto ssl
MASTER_SITES = http://download.rsyslog.com/librelp/
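Review bot: Dropping ffi from the first WANTLIB line is not mentioned in the mail. Please say where the change comes from (for example the output of make port-lib-depends-check) so it is clear that it is intended and not a side effect of the build machine. crypto and ssl remain in WANTLIB, so the library still links against libressl even though, per the mail, the openssl test runs fail; a short comment in the Makefile about that state would help anyone who selects the openssl driver.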
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/librelp/distinfo,v
retrieving revision 1.9
diff -u -p -r1.9 distinfo
--- distinfo 25 Aug 2020 05:48:54 -0000 1.9
+++ distinfo 7 Feb 2021 10:42:24 -0000
@@ -1,2 +1,2 @@
-SHA256 (librelp-1.6.0.tar.gz) = z2zJSKWz0eVrMlFYXBG+6hxbKF/L+OKa1olVx+t1+Mo=
-SIZE (librelp-1.6.0.tar.gz) = 522827
+SHA256 (librelp-1.9.0.tar.gz) = JO6ehDlg0UAKRP+u2wseyRRj34+KzKhpzAJ+0l7mvzM=
+SIZE (librelp-1.9.0.tar.gz) = 540477
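Review bot: MASTER_SITES in the Makefile is plain http, so the new SHA256 line is the only thing that authenticates librelp-1.9.0.tar.gz. Please check the tarball this hash was generated from against a copy or hash obtained over an independent channel, and consider switching MASTER_SITES to https if the download host offers it.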
Index: patches/patch-src_tcp_c
===================================================================
RCS file: patches/patch-src_tcp_c
diff -N patches/patch-src_tcp_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_tcp_c 10 Jan 2021 23:44:08 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: src/tcp.c
+--- src/tcp.c.orig
++++ src/tcp.c
+@@ -1494,7 +1494,7 @@ relpTcpSslInitCerts(relpTcp_t *const pThis, char *ownC
+ ENTER_RELPFUNC;
+
+ if( ownCertFile!= NULL ) {
+- #if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ #if OPENSSL_VERSION_NUMBER >= 0x10100000L &&
!defined(LIBRESSL_VERSION_NUMBER)
+ if (SSL_use_certificate_chain_file(pThis->ssl, ownCertFile) !=
1) {
+ #else
+ if (SSL_use_certificate_file(pThis->ssl, ownCertFile,
SSL_FILETYPE_PEM) != 1) {
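Review bot: With the added !defined(LIBRESSL_VERSION_NUMBER) condition, libressl builds take the #else branch and call SSL_use_certificate_file(), which loads only the first certificate from ownCertFile, whereas SSL_use_certificate_chain_file() loads the whole chain. A cert file that carries intermediates will therefore behave differently between the two builds; the patch should carry a comment line under $OpenBSD$ stating why the guard is needed and that chain files are not honoured with libressl. Also note that the diff as mailed is line-wrapped in three places (after "&&", after "!=", and after "ownCertFile,"), so it will not apply as is; sending it as an attachment would avoid that.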