Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-25296

FTBFS on OpenBSD 7.5 (agent) with OpenSSL (LibreSSL)

XMLWordPrintable

    • Prev.Sprint, S24-W40/41, S24-W48/49
    • 0.25

      When building the C agent on OpenBSD 7.5 with libssl/libcrypto support (--with-openssl), the build fails due to src/libs/zbxcomms/tls_openssl.c conditionally[1] defining a static implementation of OPENSSL_cleanup()[2], which conflicts with the declaration in openssl/crypto.h[3].

      In src/libs/zbxcomms/tls_openssl.c[4] we keep this implementation behind a preprocessor guard that tests if OPENSSL_VERSION_NUMBER is less than 0x1010000fL or if LIBRESSL_VERSION_NUMBER is defined – that is to say that we assume LibreSSL only implements the pre-1.0.1 OpenSSL API, which is not the case.

      openssl/opensslv.h on OpenBSD defines two version number macros - OPENSSL_VERSION_NUMBER, which is fixed at 0x20000000L and never changing, and LIBRESSL_VERSION_NUMBER, which is updated in sync with releases of LibreSSL-portable.

      See an excerpt of the build log below:

      Making all in zbxcomms
      tls_openssl.c:164:13: error: static declaration of 'OPENSSL_cleanup' follows non-static declaration
      static void     OPENSSL_cleanup(void)
                      ^
      /usr/include/openssl/crypto.h:431:6: note: previous declaration is here
      void OPENSSL_cleanup(void);
           ^
      tls_openssl.c:550:17: error: incomplete definition of type 'struct ssl_ctx_st'
                      cipher_list = SSL_CTX_get_ciphers(ciphers);
                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
      ../../../include/zbxcomms.h:378:51: note: expanded from macro 'SSL_CTX_get_ciphers'
      #       define SSL_CTX_get_ciphers(ciphers)                     ((ciphers)->cipher_list)
                                                                       ~~~~~~~~~^
      /usr/include/openssl/ossl_typ.h:158:16: note: forward declaration of 'struct ssl_ctx_st'
      typedef struct ssl_ctx_st SSL_CTX;
                     ^
      tls_openssl.c:1522:61: warning: format specifies type 'long long' but the argument has type 'ssize_t' (aka 'long') [-Wformat]
                                                              " returned undocumented code " ZBX_FS_SSIZE_T, func, res);
                                                                                             ~~~~~~~~~~~~~~        ^~~
      1 warning and 2 errors generated.
      *** Error 1 in target 'libzbxcomms_a-tls_openssl.o'
      *** Error 1 in src/libs/zbxcomms (Makefile:576 'libzbxcomms_a-tls_openssl.o': cc -DHAVE_CONFIG_H -I../../../include/common -I../../../includ...)
      *** Error 1 in src/libs (Makefile:664 'all-recursive')
      *** Error 1 in src (Makefile:529 'all-recursive')
      *** Error 1 in /home/puffyguy/vcs/zabbix (Makefile:581 'all-recursive')
      

      The OpenBSD ports tree contains patches[5][6] for Zabbix, which removes the test for LIBRESSL_VERSION_NUMBER entirely to allow it to build.

      I propose merging the changes from the patches with attribution to fix this.


      [1]: Zabbix src/libs/zbxcomms/tls_openssl.c (24-170)
      [2]: Zabbix src/libs/zbxcomms/tls_openssl.c (164-169)
      [3]: OpenBSD src/lib/libcrypto/crypto.h (421)
      [4]: OpenBSD src/lib/libcrypto/opensslv.h
      [5]: OpenBSD ports/net/zabbix/patches/patch-src_libs_zbxcomms_tls_c
      [6]: OpenBSD ports/net/zabbix/patches/patch-include_zbxcomms_h

            jlambda Juris Lambda
            jlambda Juris Lambda
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 1.5h
                1.5h