On Fri 03/01/2025 00:20, Klemens Nanni wrote:
> 03.01.2025 02:29, Jeremie Courreges-Anglas пишет:
> > Klemens: could you please test the mbedtls FLAVOR for your use case?
>
> Doesn't work:
>
> OpenVPN 2.6.12 x86_64-unknown-openbsd7.6 [SSL (mbed TLS)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD]
> library versions: mbed TLS 2.28.0, LZO 2.10
> Cannot initialize 19-'CKR_ATTRIBUTE_VALUE_INVALID'
> Exiting due to fatal error
>
> Same result when switching the helper to mbed/polar;
> builds and packages, but doesn't link against it - perhaps something's missing?
With your diff, pkcs11-helper builds without support for mbedtls. Have a
look at the output of configure. BTW, 'make test' fails all tests.
I think you also need to pass MBEDTLS_CFLAGS and MBEDTLS_LIBS. With this
mbedtls is picked up, pkcs11-helper compiles, and passes all tests.
Could you recheck with the diff below?
diff --git Makefile Makefile
index ea1d224c45e..aa299b4ea3a 100644
--- Makefile
+++ Makefile
@@ -1,11 +1,11 @@
COMMENT = library with PKCS\#11 providers for end-user applications
CATEGORIES = security
DISTNAME = pkcs11-helper-1.30.0
-REVISION = 0
+REVISION = 1
SHARED_LIBS = pkcs11-helper 0.0 # 1.0
-WANTLIB = crypto
+WANTLIB = mbedcrypto mbedtls mbedx509 pthread
MAINTAINER = Klemens Nanni <kn@openbsd.org>
@@ -17,12 +17,15 @@ SITES = ${HOMEPAGE}/releases/download/${DISTNAME}/
EXTRACT_SUFX = .tar.bz2
BUILD_DEPENDS = security/p11-kit
+LIB_DEPENDS = security/polarssl
CONFIGURE_STYLE = gnu
CONFIGURE_ARGS = --enable-tests \
--with-test-provider=`pkg-config --variable=proxy_module p11-kit-1` \
--disable-crypto-engine-gnutls \
- --disable-crypto-engine-mbedtls \
+ --enable-crypto-engine-mbedtls \
+ --disable-openssl \
+ --disable-crypto-engine-openssl \
--disable-crypto-engine-nss \
--disable-doc \
--disable-static
@@ -38,6 +41,9 @@ LIBTOOL_FLAGS = --tag=disable-static
CONFIGURE_ARGS += --disable-slotevent \
--disable-threading
+CONFIGURE_ENV= MBEDTLS_CFLAGS="-I${LOCALBASE}/include" \
+ MBEDTLS_LIBS="-L${LOCALBASE}/lib -lmbedtls -lmbedx509 -lmbedcrypto"
+
USE_GMAKE = Yes
SEPARATE_BUILD = Yes
diff --git pkg/PLIST pkg/PLIST
index e7ab0747e5e..5dda6db3773 100644
--- pkg/PLIST
+++ pkg/PLIST
@@ -5,7 +5,6 @@ include/pkcs11-helper-1.0/pkcs11h-core.h
include/pkcs11-helper-1.0/pkcs11h-data.h
include/pkcs11-helper-1.0/pkcs11h-def.h
include/pkcs11-helper-1.0/pkcs11h-engines.h
-include/pkcs11-helper-1.0/pkcs11h-openssl.h
include/pkcs11-helper-1.0/pkcs11h-token.h
include/pkcs11-helper-1.0/pkcs11h-version.h
@comment lib/libpkcs11-helper.la
No comments:
Post a Comment