[ZBX-11803] Make Zabbix work without PSK Created: 2017 Feb 12 Updated: 2019 Apr 15 Resolved: 2019 Apr 15 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Server (S) |
Affects Version/s: | 3.2.3 |
Fix Version/s: | None |
Type: | Incident report | Priority: | Trivial |
Reporter: | Bernard Spil | Assignee: | Unassigned |
Resolution: | Duplicate | Votes: | 1 |
Labels: | patch | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
FreeBSD 11.0-p7 / LibreSSL |
Attachments: | patch-Zabbix-3.2.3-server-OPENSSL_NO_PSK patch-src_libs_zbxcrypto_tls.c | ||||||||
Issue Links: |
|
Description |
Zabbix does not support building without PSK (Pre-Shared Key) capability. I've patched the 3.2.3 sources to build without PSK using the `OPENSSL_NO_PSK` standard define from `openssl/opensslconf.h` |
Comments |
Comment by Glebs Ivanovskis (Inactive) [ 2017 Feb 17 ] |
LibreSSL website says that their libssl is backward-compatible with OpenSSL. So theoretically you should be able to build Zabbix with LibreSSL without any modifications. What is the problem then? |
Comment by Sebastian YEPES [ 2017 Sep 17 ] |
The problem is not the compatibility it's just that the LibreSSL lib is named different and when the build process make reference to -lopenssl this does not exist. |
Comment by Glebs Ivanovskis (Inactive) [ 2017 Sep 25 ] |
Dear syepes, you are not entirely correct. While LibreSSL provides new library and new "better" API they also position themselves as a drop-in replacement for OpenSSL and therefore support old API and provide good old libcrypto and libssl. From their website:
|
Comment by Sebastian YEPES [ 2017 Oct 03 ] |
@Glebs Ivanovskis, well on paper more or less yes, but in practice it does not compile on environments like alpine were LibreSSL is now the default lib. |
Comment by Glebs Ivanovskis (Inactive) [ 2017 Oct 03 ] |
You mean compiling Zabbix without SSL? It is possible. |
Comment by Sebastian YEPES [ 2017 Oct 03 ] |
Yes as a workaround, for not being able to compile Zabbix on alpine +3.5 it would be nice to disable all the SSL stuff on compilation |
Comment by Bernard Spil [ 2018 Apr 28 ] |
The same problem exists when OpenSSL is built without PSK support ./Configure no-psk Attached a new patch that disables PSK support in 3.4. PS. I am the maintainer of OpenSSL and LibreSSL ports on FreeBSD |
Comment by Andris Mednis [ 2019 Apr 15 ] |
I propose to close this ticket. It has been solved in Now Zabbix can use LibreSSL as OpenSSL replacement or OpenSSL compiled without PSK support. You can reopen it if it is not solved. |