OpenVpn LibreSSL - Missing or invalid OpenSSL


bryn1u

Sep 24, 2017, 7:35:22 PM
to HardenedBSD Users
Hello guys,

Could this issue be related to LibreSSL? I have installed LibreSSL.

[root@proton /usr/local/etc/openvpn]# ./easyrsa init-pki

Note: using Easy-RSA configuration from: ./vars
3884271625736:error:0EFFF068:configuration file routines:CRYPTO_internal:variable has no value:/usr/src/crypto/libressl/crypto/conf/conf_def.c:563:line 3

Easy-RSA error:

Missing or invalid OpenSSL
Expected to find openssl command at: openssl

Franco Fichtner

Sep 25, 2017, 1:28:11 AM
to bryn1u, HardenedBSD Users
Hi,

> On 25. Sep 2017, at 1:35 AM, bryn1u <m.br...@gmail.com> wrote:
>
> Note: using Easy-RSA configuration from: ./vars
> 3884271625736:error:0EFFF068:configuration file routines:CRYPTO_internal:variable has no value:/usr/src/crypto/libressl/crypto/conf/conf_def.c:563:line 3
>
> Easy-RSA error:
>
> Missing or invalid OpenSSL
> Expected to find openssl command at: openssl

Try to forcefully install the latest package:

# pkg install -f easy-rsa

If this helps and you normally build from ports you have an unclean
build environment. It's likely related to the 11-STABLE transition.


Cheers,
Franco

bryn1u85 .

Sep 25, 2017, 2:54:01 AM
to us...@hardenedbsd.org, Shawn Webb, Oliver Pinter


Hello,

I have built easy-rsa from ports and I'm still getting the same issue:


[root@proton /usr/local/etc/openvpn]# ./easyrsa init-pki

Note: using Easy-RSA configuration from: ./vars
5178087257608:error:0EFFF068:configuration file routines:CRYPTO_internal:variable has no value:/usr/src/crypto/libressl/crypto/conf/conf_def.c:563:line 3


Easy-RSA error:

Missing or invalid OpenSSL
Expected to find openssl command at: openssl
[root@proton /usr/local/etc/openvpn]#

I have put these options in make.conf:

[root@proton /usr/local/etc/openvpn]# cat /etc/make.conf

WITH_SSP_PORTS=YES
SSP_CFLAGS=-fstack-protector-all
SSP_CXXFLAGS=-fstack-protector-all
DEFAULT_VERSIONS+= php=7.1
DEFAULT_VERSIONS+=ssl=libressl

And it still doesn't matter. Is there any way to install OpenVPN under HardenedBSD?

Shawn Webb

Sep 25, 2017, 12:40:36 PM
to bryn1u85 ., us...@hardenedbsd.org, Oliver Pinter
OpenVPN itself works under HardenedBSD. You're trying to get the
easy-rsa scripts working. easy-rsa is separate from (but related to)
OpenVPN. The easy-rsa scripts are incompatible with LibreSSL.

The easy-rsa scripts are incompatible with LibreSSL because the LibreSSL
developers stripped out the ability to pass in data via environment
variables. easy-rsa relies on setting environment variables to tell
the openssl application certain pieces of info.

Either you'll need to modify the easy-rsa scripts (like I've done on my
system) or you'll need to do the certificate generation yourself. Either
solution isn't difficult to do.

Thanks,

Shawn

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
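
The incompatibility described in the message above is that easy-rsa passes values to openssl through environment variables referenced from the config file. One way to adapt such a script is to write those values into the config before openssl reads it. This is an added example, not code from the thread or from any easy-rsa repository; it assumes the references use OpenSSL's $ENV::NAME config syntax, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn $ENV::NAME references in an OpenSSL config into literal
# values, so the openssl binary never has to read the environment itself.

# expand_env_refs TEMPLATE OUTPUT   (hypothetical helper name)
# Returns non-zero and writes no OUTPUT if a referenced variable is unset,
# instead of silently putting an empty field into a CA configuration.
expand_env_refs() {
    tmp="$2.tmp.$$"
    if awk '
        {
            line = $0; out = ""
            while (match(line, /\$ENV::[A-Za-z_][A-Za-z0-9_]*/)) {
                name = substr(line, RSTART + 6, RLENGTH - 6)  # skip "$ENV::"
                if (!(name in ENVIRON)) {
                    printf "line %d: %s is not set\n", NR, name > "/dev/stderr"
                    exit 1
                }
                out = out substr(line, 1, RSTART - 1) ENVIRON[name]
                line = substr(line, RSTART + RLENGTH)
            }
            print out line
        }' "$1" > "$tmp"
    then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample: three settings written the way easy-rsa's config
# references its EASYRSA_* variables. Prints the rendered config.
render_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/template.cnf" <<'EOF'
[ CA_default ]
dir = $ENV::EASYRSA_PKI
default_md = $ENV::EASYRSA_DIGEST
[ req ]
default_bits = $ENV::EASYRSA_KEY_SIZE
EOF
    (
        export EASYRSA_PKI="$dir/pki" EASYRSA_DIGEST=sha256 EASYRSA_KEY_SIZE=2048
        expand_env_refs "$dir/template.cnf" "$dir/rendered.cnf"
    ) || { rm -rf "$dir"; return 1; }
    cat "$dir/rendered.cnf"
    rm -rf "$dir"
}
```

The rendered file is what would then be handed to openssl with its -config option in place of the original template.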

bryn1u

Sep 25, 2017, 2:08:52 PM
to HardenedBSD Users, m.br...@gmail.com, oliver...@hardenedbsd.org
@Shawn

Could you give me a recipe for how I can modify that script? I was looking for any solution to fix it, but it's really hard.

bryn1u

Sep 26, 2017, 10:22:43 AM
to HardenedBSD Users, m.br...@gmail.com, oliver...@hardenedbsd.org, Shawn Webb, us...@hardenedbsd.org, Shawn Webb
I know that you are busy making great progress with HBSD, but I was trying to find some solution. I was on the official GitHub of OpenVPN. There is the same problem and no one gives any solution....

Shawn Webb

Sep 26, 2017, 10:42:48 AM
to bryn1u, HardenedBSD Users, oliver...@hardenedbsd.org, Shawn Webb
Here's the LibreSSL-ized easy-rsa:
https://github.com/lattera/easy-rsa-libressl

I don't have the time to hold your hand. You'll need to make further
modifications yourself.
