Re: LibreSSL 2.1.2 released
On Saturday 2014-12-13 00:08, Brent Cook wrote: >> On Dec 12, 2014, at 5:04 PM, Jan Engelhardt wrote: >> >> To solve that, simply add >> >> libcrypto_la_LDFLAGS = -no-undefined >> [same for libssl,libtls] >> >> Without this, the DLLs won't be produced. > >Thanks for the hint, will do! For reference, here is the full patch I needed. --- crypto/Makefile.am |2 +- crypto/bio/bss_log.c |4 ++-- ssl/Makefile.am |3 ++- tls/Makefile.am |3 ++- 4 files changed, 7 insertions(+), 5 deletions(-) Index: libressl-2.1.2/crypto/Makefile.am === --- libressl-2.1.2.orig/crypto/Makefile.am +++ libressl-2.1.2/crypto/Makefile.am @@ -8,7 +8,7 @@ lib_LTLIBRARIES = libcrypto.la EXTRA_DIST = VERSION -libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ +libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK Index: libressl-2.1.2/crypto/bio/bss_log.c === --- libressl-2.1.2.orig/crypto/bio/bss_log.c +++ libressl-2.1.2/crypto/bio/bss_log.c @@ -70,7 +70,7 @@ #include #include -#ifndef NO_SYSLOG +#if !defined(_WIN32) && !defined(NO_SYSLOG) static int slg_write(BIO *h, const char *buf, int num); static int slg_puts(BIO *h, const char *str); @@ -210,4 +210,4 @@ xcloselog(BIO* bp) closelog(); } -#endif /* NO_SYSLOG */ +#endif /* !WIN32 && !NO_SYSLOG */ Index: libressl-2.1.2/ssl/Makefile.am === --- libressl-2.1.2.orig/ssl/Makefile.am +++ libressl-2.1.2/ssl/Makefile.am @@ -4,8 +4,9 @@ lib_LTLIBRARIES = libssl.la EXTRA_DIST = VERSION -libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ +libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) +libssl_la_LIBADD = ../crypto/libcrypto.la libssl_la_SOURCES = bio_ssl.c libssl_la_SOURCES += d1_both.c Index: libressl-2.1.2/tls/Makefile.am === --- libressl-2.1.2.orig/tls/Makefile.am +++ libressl-2.1.2/tls/Makefile.am @@ -5,8 +5,9 @@ lib_LTLIBRARIES = libtls.la EXTRA_DIST = VERSION -libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ +libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) +libtls_la_LIBADD = ../ssl/libssl.la libtls_la_SOURCES = tls.c libtls_la_SOURCES += tls_client.c
Re: LibreSSL 2.1.2 released
> On Dec 12, 2014, at 5:04 PM, Jan Engelhardt wrote: > > > With libressl 2.1.2, I observe: > >> ldd -r /usr/lib64/libtls.so.1 >linux-vdso.so.1 (0x7ffe5462e000) >libc.so.6 => /lib64/libc.so.6 (0x7ffe5405f000) >/lib64/ld-linux-x86-64.so.2 (0x7ffe5463) > undefined symbol: GENERAL_NAME_free (/usr/lib64/libtls.so.1) > undefined symbol: X509_NAME_get_text_by_NID (/usr/lib64/libtls.so.1) > undefined symbol: ASN1_STRING_length(/usr/lib64/libtls.so.1) > undefined symbol: SSL_get_error (/usr/lib64/libtls.so.1) > undefined symbol: OBJ_txt2nid (/usr/lib64/libtls.so.1) > undefined symbol: sk_pop_free (/usr/lib64/libtls.so.1) > undefined symbol: SSL_write (/usr/lib64/libtls.so.1) > undefined symbol: SSLv23_client_method (/usr/lib64/libtls.so.1) > undefined symbol: sk_value (/usr/lib64/libtls.so.1) > [...] > > Is this intentional, or would you concur that libressl-2.1.2/tls/Makefile.am > should get a > > libtls_la_LIBADD = ../ssl/libssl.la > > line? That sounds right. > In addition, when building for mingw, there is a warning. > > libtool: link: warning: undefined symbols not allowed in > x86_64-w64-mingw32 shared libraries > > To solve that, simply add > > libcrypto_la_LDFLAGS = -no-undefined > [same for libssl,libtls] > > Without this, the DLLs won't be produced. Thanks for the hint, will do! - Brent
Re: LibreSSL 2.1.2 released
With libressl 2.1.2, I observe: > ldd -r /usr/lib64/libtls.so.1 linux-vdso.so.1 (0x7ffe5462e000) libc.so.6 => /lib64/libc.so.6 (0x7ffe5405f000) /lib64/ld-linux-x86-64.so.2 (0x7ffe5463) undefined symbol: GENERAL_NAME_free (/usr/lib64/libtls.so.1) undefined symbol: X509_NAME_get_text_by_NID (/usr/lib64/libtls.so.1) undefined symbol: ASN1_STRING_length(/usr/lib64/libtls.so.1) undefined symbol: SSL_get_error (/usr/lib64/libtls.so.1) undefined symbol: OBJ_txt2nid (/usr/lib64/libtls.so.1) undefined symbol: sk_pop_free (/usr/lib64/libtls.so.1) undefined symbol: SSL_write (/usr/lib64/libtls.so.1) undefined symbol: SSLv23_client_method (/usr/lib64/libtls.so.1) undefined symbol: sk_value (/usr/lib64/libtls.so.1) [...] Is this intentional, or would you concur that libressl-2.1.2/tls/Makefile.am should get a libtls_la_LIBADD = ../ssl/libssl.la line? In addition, when building for mingw, there is a warning. libtool: link: warning: undefined symbols not allowed in x86_64-w64-mingw32 shared libraries To solve that, simply add libcrypto_la_LDFLAGS = -no-undefined [same for libssl,libtls] Without this, the DLLs won't be produced.
LibreSSL 2.1.2 released
We have released LibreSSL 2.1.2, which will be arriving in the LibreSSL directory of your local OpenBSD mirror soon. This release greatly improves performance, interoperability and portability, while continuing to be easy to build and integrate into your software projects. This release includes: * Two important cipher suites, GOST and Camellia, have been reworked or reenabled, providing better interoperability with systems around the world. * A preview version of the libtls library, a modern and simplified interface for secure client and server communications, is now packaged and can be built optionally for testing. Feedback welcome. * Initial support for Microsoft Windows 32-bit and 64-bit flavors has been added for mingw-w64 targets. This can be used to generate native libraries that are usable in other Windows development environments as well. * Assembly acceleration of various algorithms for ELF (Linux, BSD, Solaris) and OS X systems are enabled for x86_64 CPUs. More optimizations may be enabled in later releases. These optimizations are disabled with the --disable-asm configure flag. * The arc4random_buf(3) calls on FreeBSD and OS X are now replaced with the OpenBSD versions. This fixes current problems with seeding and fork safety until these OS's built-in implementations can be improved. See these code commits for details: https://github.com/libressl-portable/portable/commit/8abf8e1e1577f51deb5c3bc01f076205f1bfb268 https://github.com/libressl-portable/portable/commit/0aeb93b9fc9ecf0f9c2e98444545de485168823d The LibreSSL project also continues improvement of the codebase to reflect modern, safe programming practices. We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible.