Failure occurs when running make
dorpauli opened this issue · comments
After the commit in response to my issue and the installation of LibreSSL-portable, I could now run autogen and configure. But when I run make, a new error occurs:
http.c:61:10: fatal error: vis.h: No such file or directory
#include <vis.h>
^~~~~~~
I have tried to install vis, but nothing seems to work.
I added vis.c and vis.h to the proable framework in d637dd3.
This should now hopefully compile.
Ok now the compilation continues. But then another failure occurs. There seems to be a undefined reference. I post the output of make check as text file:
On the same machine, the compilation went through a few weeks ago and the software worked.
Can you compile with make AM_DEFAULT_VERBOSITY=1.
Also could you send me the configure output?
It seems that the library includes are incorrect -lcrypto is missing.
Here are the two output files.
For some reasons the sk_num, and friends are not found during linking. Even though there is a -lcrypto in the link command.
What system is that and what version of -lcrypto are you linking against?
I did build this on an older alpine image I had around and it is working with the last pushes I made today.
Oh wait, I see the problem. You compile with libressl headers but link against an openssl library. That does not work. You need to use either the libressl -lcrypto or make sure that the openssl includes are from OpenSSL.
sk_num is defined to OPENSSL_sk_num in OpenSSL 1.1.
Ok thank you for your help.
I don't know much about these thinks. I only tried to get it compiled and for that i installed libressl, because the configure script said "libtls headers required".
It's a Debian based system and i don't know the best way to solve it. I have not found libtls-standalone.
I found a solution, that works for now. I just used this repository to install libtls.
The proper solution is to get the various linux distros to actually package and ship an up-to-date version of libtls.
Just take libtls and tls.h (and the manpages) from libressl-portable and package that, everyone would benefit.
But what is the right solution in the current situation? For Debian it is not possible to compile the software with the current installation instructions and without some workaround...
However, I ran some tests with the new binary and there are nearly 30.000 vrps missing. Maybe it's caused by the outdated version of libtls.
If you have OpenSSL and need libtls, then you need the LibreTLS package, which unfortunately is not yet widely packaged for Linux distributions as Repology says. Having both OpenSSL and LibreSSL on one system seems to be error-prone from my experience.
As mentioned you only need libtls from libressl. Since LibreSSL 3.2.0 libtls is self-sufficent and does not need any external dependencies anymore. tls.h does neither depend on any openssl/ header so that should possible.
In this regard libretls is more or less exactly this but depends on -lssl and -lcrypto from OpenSSL.
Anyway, I'm super happy if other people help to push libtls or libretls into more Linux distros.
First of all thank you both for the help.
I could now install libtls and ldconfig is aware of it. I also installed the man pages and lib.h. This works fine, but configure still prints:
checking tls.h usability... yes
checking tls.h presence... yes
checking for tls.h... yes
checking for library containing tls_read... no
configure: error: LibreSSL libtls library required
To add some more information about this i searched for the corresponding lines in config.log. And here they are:
cat config.log | grep libtls
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `arc4random_buf'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `X509_OBJECT_free_contents'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `sk_pop_free'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `sk_free'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `strlcpy'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `ASN1_time_tm_clamp_notafter'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `sk_value'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `SSL_CTX_load_verify_mem'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `SSL_CTX_set1_groups'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `X509_STORE_get_by_subject'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `freezero'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `SSLv23_client_method'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `arc4random'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `sk_num'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `ASN1_time_parse'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `SSL_CTX_use_certificate_chain_mem'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `timingsafe_memcmp'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `ECDSA_set_ex_data'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `SSLv23_server_method'
/usr/bin/ld: //usr/local/lib/libtls.so: undefined reference to `SSLv23_method'
configure:10467: error: LibreSSL libtls library required
It seems that this have something to do with the linking against openssl like @cjeker mentioned before:
Oh wait, I see the problem. You compile with libressl headers but link against an openssl library. That does not work. You need to use either the libressl -lcrypto or make sure that the openssl includes are from OpenSSL.
sk_num is defined to OPENSSL_sk_num in OpenSSL 1.1.
I really have no idea how to solve this. As i said i only installed libtls, tls.h and the man pages from libressl repository.
Not sure what version of libtls.so you use. That one is not self-hosted.
I built libressl-3.2.5 and there is no reference to any of the objects you mentioned in your build.
As mentioned you need to use libressl-3.2.0 or newer to get a self-hosted libtls.
The version i built from is also 3.2.5.
Thanks for the bash script to install libtls. Now i can compile again.
However, i wonder why it doesn't worked before. The only difference i made was fetching the libressl-portable version from Github. https://github.com/libressl-portable/portable/releases/tag/v3.2.5
However, I ran some tests with the new binary and there are nearly 30.000 vrps missing. Maybe it's caused by the outdated version of libtls.
Are you sure you installed all the Trust Anchors you want to use? https://rpki.readthedocs.io/en/latest/rpkiclient/installation.html#extra-tals
@dorpauli on Debian Bullseye or Ubuntu Hirsute it might be easier to just do apt install rpki-client