-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build failure with >= postfix-3.5.20 #914
Comments
AFAIK the biggest issue with Postfix and LibreSSL is the lack of DANE support. |
Current events made this a bit of a problem. This issue came too close to the 3.8 release for us to do anything about it. We don't really want to add It is straightforward to patch out the https://marc.info/?l=openbsd-ports&m=170300480407134&w=2 As long as you don't set the Brad is right, DANE support became mandatory in Postfix at some point, presumably at around the time when support for the OpenSSL 1.0 branch was removed, and that is the major blocker. While supporting DANE in LibreSSL is not entirely out of the question, doing it the OpenSSL way pretty much is. |
With the release of Postfix 3.6.
|
@botovq Thanks for the detailed information, would you mind elaborating on why I can confirm your patch also builds on my side and its understandable if fixing newer postfix is difficult, but if at all possible it would be greatly appreciated. Its one of the few blockers I have found in Gentoo so far. |
It is not desirable simply because there are almost no consumers. It is not particularly offensive as far as new OpenSSL APIs go, but it adds quite a bit of complexity. If it was the only thing in the way of having newer postfix work out of the box it would be an easier sell. But as things are, it's most likely easier to adjust the few consumers than to add this kind of complexity to our libraries. |
That makes sense, thanks for helping me understand. |
As I am sure is well known modern Postfix releases are broken with LibreSSL, OpenBSD outright uses OpenSSL.
https://github.com/openbsd/ports/blob/dce94975560b18e52943920a42ff29ca6a191611/mail/postfix/stable/Makefile#L7
And the Postfix 3.5 releases are the oldest that work with LibreSSL, but starting with
>= 3.5.20
one of the build failures with modern Postfix has been introduced.build.log
OpenBSD currently provides
3.5.17
where the current patches also allow3.5.19
to build.https://github.com/openbsd/ports/blob/dce94975560b18e52943920a42ff29ca6a191611/mail/postfix/stable35/Makefile#L1
https://github.com/openbsd/ports/blob/dce94975560b18e52943920a42ff29ca6a191611/mail/postfix/stable35/patches/patch-src_tls_tls_certkey_c
https://github.com/openbsd/ports/blob/dce94975560b18e52943920a42ff29ca6a191611/mail/postfix/stable35/patches/patch-src_tls_tls_server_c
Is there any hope that LibreSSL can at least support newer Postfix 3.5 patch releases?
The text was updated successfully, but these errors were encountered: