hi all-- openssl 1.1.0 is about to be released. Kurt Roeckx was nice enough to try rebuilding tcpcrypt against it and got this error:
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/tcpcrypt_0.4-4_amd64-20160529-1543 the error it hits is: [...] src/src_tcpcryptd-crypto.o `test -f 'src/crypto.c' || echo './'`src/crypto.c gcc -DHAVE_CONFIG_H -I. -Wdate-time -D_FORTIFY_SOURCE=2 -I./src -I./include -I./src -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wno-deprecated-declarations -c -o src/src_tcpcryptd-crypto_rsa.o `test -f 'src/crypto_rsa.c' || echo './'`src/crypto_rsa.c In file included from /usr/include/openssl/asn1.h:24:0, from /usr/include/openssl/rsa.h:16, from src/crypto_rsa.c:8: src/crypto_rsa.c: In function 'generate_keys': src/crypto_rsa.c:64:35: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}' k->k_blen = BN_num_bytes(k->k_rsa->n); ^ Makefile:1013: recipe for target 'src/src_tcpcryptd-crypto_rsa.o' failed make[2]: *** [src/src_tcpcryptd-crypto_rsa.o] Error 1 make[2]: Leaving directory '/<<PKGBUILDDIR>>' (there may of course be other errors as well) one of the major changes in OpenSSL 1.1.0 is making more of the data structures opaque; this looks like an instance of that. it'd be great to see an update that would let tcpcrypt build cleanly against newer versions as well. (this is noted in https://bugs.debian.org/828568) --dkg
