Major When building the C agent on OpenBSD 7.5 with libssl/libcrypto support (--with-openssl), the build fails due to src/libs/zbxcomms/tls_openssl.c conditionally[1] defining a static implementation of OPENSSL_cleanup()[2], which conflicts with the declaration in openssl/crypto.h[3].
In src/libs/zbxcomms/tls_openssl.c[4] we keep this implementation behind a preprocessor guard that tests if OPENSSL_VERSION_NUMBER is less than 0x1010000fL or if LIBRESSL_VERSION_NUMBER is defined – that is to say that we assume LibreSSL only implements the pre-1.0.1 OpenSSL API, which is not the case.
openssl/opensslv.h on OpenBSD defines two version number macros - OPENSSL_VERSION_NUMBER, which is fixed at 0x20000000L and never changing, and LIBRESSL_VERSION_NUMBER, which is updated in sync with releases of LibreSSL-portable.
See an excerpt of the build log below:
Making all in zbxcomms
tls_openssl.c:164:13: error: static declaration of 'OPENSSL_cleanup' follows non-static declaration
static void OPENSSL_cleanup(void)
^
/usr/include/openssl/crypto.h:431:6: note: previous declaration is here
void OPENSSL_cleanup(void);
^
tls_openssl.c:550:17: error: incomplete definition of type 'struct ssl_ctx_st'
cipher_list = SSL_CTX_get_ciphers(ciphers);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../../include/zbxcomms.h:378:51: note: expanded from macro 'SSL_CTX_get_ciphers'
# define SSL_CTX_get_ciphers(ciphers) ((ciphers)->cipher_list)
~~~~~~~~~^
/usr/include/openssl/ossl_typ.h:158:16: note: forward declaration of 'struct ssl_ctx_st'
typedef struct ssl_ctx_st SSL_CTX;
^
tls_openssl.c:1522:61: warning: format specifies type 'long long' but the argument has type 'ssize_t' (aka 'long') [-Wformat]
" returned undocumented code " ZBX_FS_SSIZE_T, func, res);
~~~~~~~~~~~~~~ ^~~
1 warning and 2 errors generated.
*** Error 1 in target 'libzbxcomms_a-tls_openssl.o'
*** Error 1 in src/libs/zbxcomms (Makefile:576 'libzbxcomms_a-tls_openssl.o': cc -DHAVE_CONFIG_H -I../../../include/common -I../../../includ...)
*** Error 1 in src/libs (Makefile:664 'all-recursive')
*** Error 1 in src (Makefile:529 'all-recursive')
*** Error 1 in /home/puffyguy/vcs/zabbix (Makefile:581 'all-recursive')
The OpenBSD ports tree contains patches[5][6] for Zabbix, which removes the test for LIBRESSL_VERSION_NUMBER entirely to allow it to build.
I propose merging the changes from the patches with attribution to fix this.
–
[1]: Zabbix src/libs/zbxcomms/tls_openssl.c (24-170)
[2]: Zabbix src/libs/zbxcomms/tls_openssl.c (164-169)
[3]: OpenBSD src/lib/libcrypto/crypto.h (421)
[4]: OpenBSD src/lib/libcrypto/opensslv.h
[5]: OpenBSD ports/net/zabbix/patches/patch-src_libs_zbxcomms_tls_c
[6]: OpenBSD ports/net/zabbix/patches/patch-include_zbxcomms_h
