Opened 8 years ago
Last modified 8 months ago
#53964 assigned defect
py27-cryptography fails to build with libressl 2.5.3_0
| Reported by: | bK4gYuRo | Owned by: | stromnov (Andrey Stromnov) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | petrrr, cooljeanius (Eric Gallager) | |
| Port: | py27-cryptography |
Description
Apparently, in libressl 2.5.3 the following macros are defined:
/* Host, email and IP check errors */ #define X509_V_ERR_HOSTNAME_MISMATCH 62 #define X509_V_ERR_EMAIL_MISMATCH 63 #define X509_V_ERR_IP_ADDRESS_MISMATCH 64
This conflicts with last 3 lines in this block in _openssl.c in py27-cryptography:
/* OpenSSL 1.0.2beta2+ verification error codes */ #if CRYPTOGRAPHY_OPENSSL_102BETA2_OR_GREATER && !defined(LIBRESSL_VERSION_NUMBER) static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 1; #else static const long Cryptography_HAS_102_VERIFICATION_ERROR_CODES = 0; static const long X509_V_ERR_SUITE_B_INVALID_VERSION = 0; static const long X509_V_ERR_SUITE_B_INVALID_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_INVALID_CURVE = 0; static const long X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM = 0; static const long X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED = 0; static const long X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 = 0; static const long X509_V_ERR_HOSTNAME_MISMATCH = 0; static const long X509_V_ERR_EMAIL_MISMATCH = 0; static const long X509_V_ERR_IP_ADDRESS_MISMATCH = 0; #endif
If I comment out these 3 lines in _openssl.c, it compiles, but I am not sure if it is the right fix.
Log is attached
Attachments (1)
Change History (8)
Changed 8 years ago by bK4gYuRo
comment:1 Changed 8 years ago by bK4gYuRo
| Cc: | bK4gYuRo added |
|---|
comment:2 Changed 8 years ago by bK4gYuRo
_openssl.c is generated from cryptography-1.8.1/build/lib.macosx-10.10-x86_64-2.7/cryptography/hazmat/bindings/openssl/_conditional.py:
"Cryptography_HAS_102_VERIFICATION_ERROR_CODES": [
'X509_V_ERR_SUITE_B_INVALID_VERSION',
'X509_V_ERR_SUITE_B_INVALID_ALGORITHM',
'X509_V_ERR_SUITE_B_INVALID_CURVE',
'X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM',
'X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED',
'X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256',
'X509_V_ERR_HOSTNAME_MISMATCH',
'X509_V_ERR_EMAIL_MISMATCH',
'X509_V_ERR_IP_ADDRESS_MISMATCH'
I guess this file will need to be patched
comment:3 Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)
| Cc: | stromnov bK4gYuRo removed |
|---|---|
| Owner: | set to stromnov |
| Status: | new → assigned |
comment:4 Changed 8 years ago by bK4gYuRo
Just wanted to report that I tried the patch https://github.com/voidlinux/void-packages/blob/master/srcpkgs/python-cryptography/patches/fix-libressl-2.5.3.patch and it worked.
This is how I did it:
sudo port uninstall py27-cryptography sudo port clean --all py27-cryptography sudo port -d fetch py27-cryptography sudo port -d extract py27-cryptography cd /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_release_tarballs_ports_python_py-cryptography/py27-cryptography/work/cryptography-1.8.1/ sudo -u macports patch -p0 < ~/macports/patches/py27-cryptography-fix-libressl-2.5.3.diff sudo port -d configure py27-cryptography sudo port -d build py27-cryptography sudo port -d destroot py27-cryptography sudo port -d install py27-cryptography
comment:5 Changed 8 years ago by petrrr
| Cc: | petrrr added |
|---|
comment:6 Changed 7 years ago by bK4gYuRo
Looks like it is fixed upstream. py27-cryptography 1.9_0 builds just fine with libressl
comment:7 Changed 8 months ago by cooljeanius (Eric Gallager)
| Cc: | cooljeanius added |
|---|
main.log