On Mon, Jul 15, 2024 at 01:45:32PM +0100, Stuart Henderson wrote:
> On 2024/07/14 21:08, Remi Locherer wrote:
> > -V =			8.2208.0
> > +V =			8.2404.0
> >  DISTNAME =		rsyslog-$V
> >  PKGNAME-main =		rsyslog-$V
> >  PKGNAME-mysql =		rsyslog-mysql-$V
> > @@ -22,8 +22,6 @@ REVISION-pgsql =	0
> 
> There are some REVISION-* to remove too.
> 
> > --- /dev/null	1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-runtime_net_ossl_c	20 May 2024 19:52:41 -0000
> > @@ -0,0 +1,24 @@
> > +LibreSSL does not support SSL_CONF_CTX.
> > +This patch is already present in rsyslog master and will most likely
> > +ship with a future version.
> 
> I'm not sure if this is quite enough. It removes the
> net_ossl_apply_tlscgfcmd function but not the prototype, and it's still
> referenced later in the BEGINobjQueryInterface(net_ossl) bits below in
> that file,
> 
> ...
> 1196         pIf->osslGetpeercert            = net_ossl_getpeercert;
> 1197         pIf->osslChkpeercertvalidity    = net_ossl_chkpeercertvalidity;
> 1198         pIf->osslApplyTlscgfcmd         = net_ossl_apply_tlscgfcmd;
> 1199         pIf->osslSetBioCallback         = net_ossl_set_bio_callback;
> ...
> 
> I think rsyslog will probably crash if any functions using that are
> called.
> 
> Is there anyone reading who uses the rsyslog port with TLS who could
> check runtime?
> 

Indeed! Rsyslogd does not crash but it fails to load the lmnsd_ossl module:

0985.329403000:main thread    : modules.c: loading module '/usr/local/lib/rsyslog/lmnsd_ossl.so'
rsyslogd:/usr/local/lib/rsyslog/lmnsd_ossl.so: undefined symbol 'net_ossl_apply_tlscgfcmd'