Re: Broken for OpenSSL 1.1

Wed, 21 Dec 2022 20:53:14 -0800 


On Wed, 21 Dec 2022, Hal Murray wrote:


but if breaking OpenSSL 1.1 was unintentional, then it needs to  be fixed


I'm not aware of any intententional breakage.  I'm pretty sure we would have
done it at configure time.



I don't think *unintentional* breakage would be done at configure time. 
:-)



I'm aware of the intentional version check that prevents building without 
--disable-nts on any of my Linux or BSD VMs, or my BeagleBone timeservers.



I have git head building on several older systems that are still using 1.1
I'm pretty sure that at least one of them is running but I'd have to poke
around a bit to verify that.

What version of 1.1 is MacPorts using?  Are they doing anything non-standard?



It's 1.1.1s, which is the latest 1.1.  I don'think there's anything 
nonstandard besides using versioned install locations so that multiple 
versions can be installed side-by-side.



The CMAC stuff was never supported and is now deprecated.  If we are going to
have troubles like this, that's a likely corner.



Yeah, I've seen all those warnings fly by in some cases, though not this 
one.



devel@ntpsec.org said:

Undefined symbols:
   "_EVP_CIPHER_key_length", referenced from:
       _check_key_length in libntp.a(authreadkeys.c.1.o)
       _check_mac_length in libntp.a(authreadkeys.c.1.o)
   "_SSL_get_peer_certificate", referenced from:
       _check_certificate in nts_client.c.1.o ld: symbol(s) not found
collect2: ld returned 1 exit status


Those are underbar symbols.  I don't think we use any of them directly.
Current man page says:
[big long list]
      functions were renamed to include "get" or "get0" in their names in
      OpenSSL 3.0, respectively. The old names are kept as non-deprecated
      alias macros.



The leading underscores are prepended by the compiler to form the linker 
symbols, and not the way the symbols appear in the source.  Note the 
referencing function names.



I guess if you don't see the issue I'll have to look more closely; I 
thought you might "just know" the problem.


Fred Wright
_______________________________________________
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel






















					Reply via email to