[Xymon] [PATCH] Re: Fwd: Bug#828611: xymon: Fails to build from source with OpenSSL 1.1.0

J.C. Cleaver cleaver at terabithia.org
Mon Oct 31 02:58:25 CET 2016 

On Sun, October 30, 2016 6:07 am, Axel Beckert wrote:
> Hi,
>
> Axel Beckert wrote:
>> this has been reported in Debian at https://bugs.debian.org/828611
> [...]
>> OpenSSL 1.1.0 is about to released.  During a rebuild of all packages
>> using
>> OpenSSL this package fail to build.  A log of that build can be found
>> at:
>> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/xymon_4.3.27-1_amd64-20160529-1558
>>
>> On https://wiki.openssl.org/index.php/1.1_API_Changes you can see
>> various of the
>> reasons why it might fail.  There are also updated man pages at
>> https://www.openssl.org/docs/manmaster/ that should contain useful
>> information.
>
> While it took quite a while to figure it out, the patch to make it
> compile again against OpenSSL 1.1.0 is surprisingly tiny:
>
> --- a/xymonnet/contest.c
> +++ b/xymonnet/contest.c
> @@ -648,7 +648,7 @@
>
>  	certcn = X509_NAME_oneline(X509_get_subject_name(peercert), NULL, 0);
>  	certissuer = X509_NAME_oneline(X509_get_issuer_name(peercert), NULL, 0);
> -	certsigalg = OBJ_nid2ln(OBJ_obj2nid(peercert->sig_alg->algorithm));
> +	certsigalg = OBJ_nid2ln(X509_get_signature_nid(peercert));
>  	certstart = strdup(xymon_ASN1_UTCTIME(X509_get_notBefore(peercert)));
>  	certend = strdup(xymon_ASN1_UTCTIME(X509_get_notAfter(peercert)));
>  	{
>
> See also
> https://anonscm.debian.org/cgit/collab-maint/xymon.git/tree/debian/patches/81_fix_compilation_with_OpenSSL_1.1+.patch
> https://anonscm.debian.org/cgit/collab-maint/xymon.git/plain/debian/patches/81_fix_compilation_with_OpenSSL_1.1+.patch
>
> I've got one (currently non-productive) Xymon server on a Raspberry Pi
> running(*) Debian Unstable with that patch and xymonnet properly
> reported SSL certificate and https:// URL states so far. So I believe,
> that patch is sufficient and working, despite I have not much of an
> idea what it actually does. I took the idea for the patch from here:
> https://github.com/bukka/php-src/commit/0598a8da2bc005b3a0be2801033b5347020f8316#diff-69bad938d17f4283faa5f7fea17fa627L2174
>
> I would be happy if you could integrate the patch into the (probably
> upcoming) 4.3.28 release to allow others to compile Xymon against
> OpenSSL 1.1.0+. (And to spread it further to get more testing. :-)
>
> (*) It's currently running with OpenSSL 1.0.2j though, but that proves
>     that it's at least also backward compatible to 1.0.2. As soon as
>     Debian Unstable switches to OpenSSL 1.1.0b or later, I'll continue
>     to test it with that version.
>
> 		Regards, Axel


Thanks! It seems I missed that back in July.

This looks good. I wrapped it in a version check to hopefully DTRT when
it's not present. This does lead to doing the new call between 1.0.2 and
<1.1.0, but AFAICT the call itself is nothing more than that anyway... I
think.

Committed at https://sourceforge.net/p/xymon/code/7975/


Regards,
-jc

More information about the Xymon mailing list