constcast
/
vermont
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vermont is not compatible with openssl 1.1.0 

openssl 1.1.0 is not API backward compatible with 1.0.0, and vermont
will not compile with the newer version.

The cmake find_package macro has no way to specify a maximum version
so check it explicitly.
master
Nicholas Brown 2017-06-19 15:02:23 +01:00 committed by Nicholas Brown
parent 454ea8d8a4
commit e77f883c56
2 changed files with 10 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CMakeLists.txt
View File

@ -537,10 +537,13 @@ ENDIF(CONNECTION_FILTER)
OPTION(SUPPORT_DTLS "Enables/Disables encryption support for IPFIX messages." OFF) OPTION(SUPPORT_DTLS "Enables/Disables encryption support for IPFIX messages." OFF)
IF (SUPPORT_DTLS) IF (SUPPORT_DTLS)
FIND_PACKAGE(OpenSSL) FIND_PACKAGE(OpenSSL 1.0.0)
IF (NOT OPENSSL_FOUND) IF (NOT OPENSSL_FOUND)
MESSAGE(FATAL_ERROR "Could not find openssl. Please install the library or turn off SUPPORT_DTLS") MESSAGE(FATAL_ERROR "Could not find openssl. Please install the library or turn off SUPPORT_DTLS")
ENDIF (NOT OPENSSL_FOUND) ENDIF (NOT OPENSSL_FOUND)
IF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
MESSAGE(FATAL_ERROR "openssl version must be less than 1.1.0")
ENDIF (NOT (${OPENSSL_VERSION} VERSION_LESS 1.1.0))
INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR}) INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
TARGET_LINK_LIBRARIES(vermont ${OPENSSL_LIBRARIES}) TARGET_LINK_LIBRARIES(vermont ${OPENSSL_LIBRARIES})
ADD_DEFINITIONS(-DSUPPORT_DTLS) ADD_DEFINITIONS(-DSUPPORT_DTLS)

60
README.md
View File

@ -32,9 +32,7 @@ The following packages are optional:
- libczmq-dev (for receiving IPFIX reports over ZMQ) - libczmq-dev (for receiving IPFIX reports over ZMQ)
==> cmake option SUPPORT_ZMQ ==> cmake option SUPPORT_ZMQ
For DTLS support, OpenSSL 1.0.0 or higher is required. It is recommended For DTLS support, OpenSSL 1.0.0 is required.
to build OpenSSL based on the latest CVS revision. See DTLS instructions below.
## BUILDING AND INSTALLATION ## BUILDING AND INSTALLATION
@ -83,64 +81,18 @@ $ make install
### BUILDING WITH DTLS-OVER-UDP SUPPORT ### BUILDING WITH DTLS-OVER-UDP SUPPORT
VERMONT's DTLS support is based on OpenSSL version 1.0.0 (and maybe higher). VERMONT's DTLS support is based on OpenSSL version 1.0.0. OpenSSL 1.1.0 is not currently supported.
Since the DTLS implementation in OpenSSL is fairly new and not as mature as In order to compile VERMONT with DTLS-over-UDP support set the following option:
the TLS/SSL implementation, you should use the latest version of OpenSSL which
you can get from http://openssl.org/source/.
At the time of writing (July 2010), the latest version is 1.0.0a.
``` shell ``` shell
$ wget http://openssl.org/source/openssl-1.0.0a.tar.gz $ cmake -DSUPPORT_DTLS=YES
$ tar xzf openssl-1.0.0a.tar.gz
$ cd openssl-1.0.0a/
``` ```
If you want to profit from the most recent bugfixes, you can check out the If CMake does not find OPENSSL you can explicitly specify the include and library paths:
sources from the OpenSSL CVS repository instead:
``` shell
$ cvs -z9 -d anonymous@cvs.openssl.org:/openssl-cvs co openssl
$ cd openssl/
``` ```
cmake -DSUPPORT_DTLS=YES -DCMAKE_INCLUDE_PATH=/path/to/openssl/include -DCMAKE_LIBRARY_PATH=/path/to/openssl/lib
In order to avoid incompatibilities with other packages of your distribution,
you probably do not want the new version of OpenSSL to become the default
OpenSSL library on your system. Therefore, it is recommended to install the
new version in a local directory by using the --prefix option of the config
script.
To build OpenSSL and install it into a built/ subdirectory within the OpenSSL
source directory, call the following commands:
``` shell
$ ./config -d no-dso no-shared --prefix=`pwd`/built
$ make
$ make install
``` ```
The configure option "no-dso" turns off the use of shared-library methods which
avoids linking problems related to libdl on the Linux platform.
With the option "no-shared", only static libraries are built which makes it
easier to link VERMONT to the correct version of OpenSSL.
In order to compile VERMONT with DTLS-over-UDP support, change into the root
of VERMONT's source directory and execute cmake with the OpenSSL include and
library paths (replace "/path/to/openssl" by your OpenSSL source directory):
``` shell
$ cmake -DSUPPORT_DTLS=YES -DCMAKE_INCLUDE_PATH=/path/to/openssl/built/include -DCMAKE_LIBRARY_PATH=/path/to/openssl/built/lib
```
On 64 bit platforms, the library path might be different (mind the "64" at the
very end!):
``` shell
$ cmake -DSUPPORT_DTLS=YES -DCMAKE_INCLUDE_PATH=/path/to/openssl/built/include -DCMAKE_LIBRARY_PATH=/path/to/openssl/built/lib64
```
If you have previously built VERMONT with OpenSSL located in another
directory, you might need to manually remove the file CMakeCache.txt before
calling cmake.
### BUILDING WITH DTLS-OVER-SCTP SUPPORT ### BUILDING WITH DTLS-OVER-SCTP SUPPORT
At the time of writing (July 2010), DTLS over SCTP can be used on FreeBSD only! At the time of writing (July 2010), DTLS over SCTP can be used on FreeBSD only!