cloudflare / sslconfig

Cloudflare's Internet facing SSL configuration
BSD 3-Clause "New" or "Revised" License

New patches for OpenSSL 1.0.2h? #35

Closed rugk closed 8 years ago

rugk commented 8 years ago

OpenSSL released a critical security update this week and the current patch for OpenSSL 1.0.2g does not work (make test fails).

OpenSSL 1.0.2 users should upgrade to 1.0.2h

Could you please release a new patch compatible with OpenSSL 1.0.2h?

RevengeFNF commented 8 years ago

The patch worked for me with 1.0.2h.

v998 commented 8 years ago

Well, the patch for 1.0.2g works with 1.0.2h without any errors for me too.

rugk commented 8 years ago

Hmm okay strange. I am on ARM...

Already make test fails:

$ make test
Doing certs/demo
/.../openssl-1.0.2h-cloudflarepatch/util/opensslwrap.sh: 25: exec: /.../openssl-1.0.2h-cloudflarepatch/util/../apps/openssl: not found
/.../openssl-1.0.2h-cloudflarepatch/util/opensslwrap.sh: 25: exec: /.../openssl-1.0.2h-cloudflarepatch/util/../apps/openssl: not found
WARNING: Skipping duplicate certificate ca-cert.pem
/.../openssl-1.0.2h-cloudflarepatch/util/opensslwrap.sh: 25: exec: /.../openssl-1.0.2h-cloudflarepatch/util/../apps/openssl: not found
WARNING: Skipping duplicate certificate pca-cert.pem
/.../openssl-1.0.2h-cloudflarepatch/util/opensslwrap.sh: 25: exec: /.../openssl-1.0.2h-cloudflarepatch/util/../apps/openssl: not found
WARNING: Skipping duplicate certificate dsa-ca.pem
testing...
make[1]: Entering directory '/.../openssl-1.0.2h-cloudflarepatch/test'
gcc -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -march=armv7-a -Wa,--noexecstack -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM   -c -o bntest.o bntest.c
make[2]: Entering directory '/.../openssl-1.0.2h-cloudflarepatch/test'
( :; LIBDEPS="${LIBDEPS:--L.. -lssl -L.. -lcrypto  -ldl}"; LDCMD="${LDCMD:-gcc}"; LDFLAGS="${LDFLAGS:--DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -march=armv7-a -Wa,--noexecstack -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=bntest} bntest.o ${LIBDEPS} )
/usr/bin/ld: ../libcrypto.a(err_all.o): undefined reference to symbol 'ERR_load_CONF_strings@@OPENSSL_1.0.0'
//usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
../Makefile.shared:164: recipe for target 'link_app.' failed
make[2]: *** [link_app.] Error 1
make[2]: Leaving directory '/.../openssl-1.0.2h-cloudflarepatch/test'
Makefile:432: recipe for target 'bntest' failed
make[1]: *** [bntest] Error 2
make[1]: Leaving directory '/.../openssl-1.0.2h-cloudflarepatch/test'
Makefile:462: recipe for target 'tests' failed
make: *** [tests] Error 2

travislee89 commented 8 years ago

This patch needs SSE4.1, only for x86-64 OS.

rugk commented 8 years ago

Thx for the explanation.