FreeRDP: NLA broken with libressl

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

FreeRDP: NLA broken with libressl

Stuart Henderson-6
FreeRDP has had a problem for a while connecting to servers that
require NLA, reported as:

  SSL_read: Failure in SSL library (protocol error?)

It definitely worked in 5.4 and was broken in 5.6, I don't
have 5.5 handy to test.

So, I tried building against OpenSSL. First time I messed up the
cpp flags and built against LibreSSL headers. Failed. I fixed that so
it was correctly built with OpenSSL headers and libs - works fine.

Interestingly it also works if built against the OpenSSL headers
and LibreSSL libs...

I think it makes sense to switch to OpenSSL for now to fix the port
for release, but does anyone want to try and work out what's going
on with headers?

Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/freerdp/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile 10 Jul 2014 13:25:46 -0000 1.17
+++ Makefile 4 Feb 2015 13:55:59 -0000
@@ -5,7 +5,7 @@ SHARED_ONLY = Yes
 V = 1.0.2
 COMMENT = open source client for Windows Terminal Server
 DISTNAME = freerdp-$V
-REVISION = 1
+REVISION = 2
 DISTFILES = ${DISTNAME}{$V}.tar.gz
 WRKDIST = ${WRKDIR}/FreeRDP-$V
 CATEGORIES = x11 net
@@ -26,8 +26,8 @@ MAINTAINER = Michael Erdely <merdely@op
 # Apache 2.0
 PERMIT_PACKAGE_CDROM = Yes
 
-WANTLIB += X11 Xcursor Xext Xinerama Xv avcodec avutil c crypto
-WANTLIB += pcsclite pthread ssl xkbfile z cups
+WANTLIB += X11 Xcursor Xext Xinerama Xv avcodec avutil c lib/eopenssl/crypto
+WANTLIB += pcsclite pthread lib/eopenssl/ssl xkbfile z cups
 
 MASTER_SITES = https://github.com/FreeRDP/FreeRDP/archive/ \
  http://spacehopper.org/mirrors/
@@ -39,10 +39,14 @@ BUILD_DEPENDS = textproc/docbook \
 
 LIB_DEPENDS = graphics/ffmpeg \
  print/cups,-libs \
+ security/openssl \
  security/pcsc-lite
 
 CONFIGURE_ARGS += -DWITH_ALSA=Off \
  -DWITH_PCSC=On
+
+CFLAGS+= -I${LOCALBASE}/include/eopenssl
+CONFIGURE_ENV = LDFLAGS="-L${LOCALBASE}/lib/eopenssl -Wl,-rpath,${LOCALBASE}/lib/eopenssl"
 
 post-patch:
  perl -pi -e 's,/usr/local,${LOCALBASE},g; s,/usr/X11R6,${X11BASE},g;' \