New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 740333 link

Starred by 2 users
Status: Started
Owner:
djkurtz@chromium.org
Last visit > 30 days ago
Cc:
benchan@chromium.org
snanda@chromium.org
mnissler@chromium.org
vapier@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

Blocking:
issue 649672



Sign in to add a comment

Fix net-analyzer/tcpdump for OpenSSL 1.1

Project Member Reported by djkurtz@chromium.org, Jul 8 2017 
net-analyzer/tcpdump-4.5.1-r1 fails to build with dev-libs/openssl-1.1.0f.

Latest upstream gentoo ebuild is 4.9.0.
This version should work, since according to the change log [0], version 4.8.1 (Tuesday October 25, 2016) includes:
  Handle OpenSSL 1.1.x.

[0] http://www.tcpdump.org/tcpdump-changes.txt

Compile errors:

./print-esp.c:105:17: error: variable has incomplete type 'EVP_CIPHER_CTX' (aka 'struct evp_cipher_ctx_st')
        EVP_CIPHER_CTX ctx;
                       ^
usr/include/openssl/ossl_typ.h:90:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
               ^
./print-esp.c:563:17: error: variable has incomplete type 'EVP_CIPHER_CTX' (aka 'struct evp_cipher_ctx_st')
        EVP_CIPHER_CTX ctx;
                       ^
usr/include/openssl/ossl_typ.h:90:16: note: forward declaration of 'struct evp_cipher_ctx_st'
typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
               ^
2 errors generated.
make: *** [Makefile:72: print-esp.o] Error 1

Comment 1 by djkurtz@chromium.org, Jul 8 2017 

CL: https://chromium-review.googlesource.com/564190

Unfotunately, this version does not actually pass FEATURE=test.  In fact it doesn't pass with either OpenSSL 1.0 or OpenSSL 1.1.  Note: all tests passed with OpenSSL 1.0.2 & 4.5.1-r1.

These tests fail with 1.0.2:
geneve-vni
geneve-tcp
pcap-invalid-version-2
pcap-ng-invalid-vers-2

These tests fail with 1.1:
Failed test: esp1
Failed test: esp2
Failed test: esp3
Failed test: esp4
Failed test: esp5
Failed test: espudp1
Failed test: ikev2pI2
Failed test: geneve-vni

Apparently the pcap-* tests failures are due to using an old libpcap (libpcap-1.5.3 < 1.7.4), see:
https://github.com/the-tcpdump-group/tcpdump/issues/532

So may need to update that package as well.

Comment 2 by djkurtz@chromium.org, Jul 8 2017

Cc: benchan@chromium.org snanda@chromium.org

Sign in to add a comment