Kea issueshttps://gitlab.isc.org/isc-projects/kea/-/issues2024-02-23T18:26:02Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/3194fix UTs when Kea is configured with botan without TLS2024-02-23T18:26:02ZRazvan Becheriufix UTs when Kea is configured with botan without TLSnext-stable-2.6https://gitlab.isc.org/isc-projects/kea/-/issues/1939Kea 1.8.2 configure fails when linking to static OpenSSL library2022-11-02T15:10:41ZGreg RabilKea 1.8.2 configure fails when linking to static OpenSSL libraryI am attempting to build a static Kea 1.8.2 binary on CentOS7. I have built a static version of OpenSSL 1.1.1k (./config no-shared). When running configure for Kea 1.8.2 and specifying the --with-openssl directive, it fails with the fo...I am attempting to build a static Kea 1.8.2 binary on CentOS7. I have built a static version of OpenSSL 1.1.1k (./config no-shared). When running configure for Kea 1.8.2 and specifying the --with-openssl directive, it fails with the following:
```
checking OS type... Linux
checking for sa_len in struct sockaddr... no
checking for usuable C++11 regex... no
checking for OpenSSL library... yes
checking OpenSSL version... OpenSSL 1.1.1k 25 Mar 2021
checking support of SHA-2... configure: error: missing EVP entry for SHA-2
```
Attached is the config.log file. [config.log](/uploads/68a099b66729e0f428375ce2fd77a95c/config.log)
As a work around, I am able to force it to configure properly by specifying LDFLAGS and LIBS:
`LDFLAGS="-L/opt/tmp/install/openssl/lib" LIBS="-lcrypto -lpthread"`
Note that this problem does not occur if OpenSSL is built with dynamic libraries.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/1776Move to system (vs autoseeded) RNG on Botan2022-11-02T15:10:17ZFrancis DupontMove to system (vs autoseeded) RNG on BotanOn Botan we use the autoseeded RNG when on all supported platforms we can use the system RNG. This also works better in a multi threaded environment: on old Botan stateful RNGs including the autoseeded one are not MT safe, on recent (>= ...On Botan we use the autoseeded RNG when on all supported platforms we can use the system RNG. This also works better in a multi threaded environment: on old Botan stateful RNGs including the autoseeded one are not MT safe, on recent (>= 2.16, the last when I write this 2.17.3) versions they are MT safes but for performance it is recommended to make them thread local...
The define to use in the code is BOTAN_HAS_SYSTEM_RNG, include is system_rng.h and the class System_RNG.
BTW IMHO the best should be to use the processor RNG but it is recent and can be tested only at runtime...backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/1754Botan option in hammer2022-11-02T15:10:18ZFrancis DupontBotan option in hammerI'd like to get a Botan option in hammer. It does not need to cover all systems.
Note I can only help indirectly: vagrant does not support VMware Fusion, I deeply dislike VirtualBox and since Big Sur some advanced CPU features are no al...I'd like to get a Botan option in hammer. It does not need to cover all systems.
Note I can only help indirectly: vagrant does not support VMware Fusion, I deeply dislike VirtualBox and since Big Sur some advanced CPU features are no allowed so no VM inside a VM too. At the opposite I can find what is the package to use when it exists so my constraint is only in direct testing (i.e. I can't review).
I'll look at for the Botan boost support too but it is 4 header files so something potentially easier than to add --with-boost in package sources and rebuild them.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/990Better support for recent Botan (configure, warnings)2022-11-02T15:10:18ZFrancis DupontBetter support for recent Botan (configure, warnings)Recent versions of Botan display some warnings:
```
In file included from botan_hash.cc:14:
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/lookup.h:35:1: warning: this header is deprecated [-W#pragma-messages]
BOTAN_DEPRECATED_HEAD...Recent versions of Botan display some warnings:
```
In file included from botan_hash.cc:14:
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/lookup.h:35:1: warning: this header is deprecated [-W#pragma-messages]
BOTAN_DEPRECATED_HEADER(lookup.h)
^
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/compiler.h:104:42: note: expanded from macro 'BOTAN_DEPRECATED_HEADER'
#define BOTAN_DEPRECATED_HEADER(hdr) _Pragma("message \"this header is deprecated\"")
^
<scratch space>:214:2: note: expanded from here
message "this header is deprecated"
^
1 warning generated.
In file included from botan_hmac.cc:14:
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/hmac.h:14:1: warning: this header will be made internal in the future [-W#pragma-messages]
BOTAN_FUTURE_INTERNAL_HEADER(hmac.h)
^
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/compiler.h:107:49: note: expanded from macro 'BOTAN_FUTURE_INTERNAL_HEADER'
#define BOTAN_FUTURE_INTERNAL_HEADER(hdr) _Pragma("message \"this header will be made internal in the future\"")
^
<scratch space>:214:2: note: expanded from here
message "this header will be made internal in the future"
^
In file included from botan_hmac.cc:15:
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/lookup.h:35:1: warning: this header is deprecated [-W#pragma-messages]
BOTAN_DEPRECATED_HEADER(lookup.h)
^
/usr/local/Cellar/botan/2.12.1/include/botan-2/botan/compiler.h:104:42: note: expanded from macro 'BOTAN_DEPRECATED_HEADER'
#define BOTAN_DEPRECATED_HEADER(hdr) _Pragma("message \"this header is deprecated\"")
^
<scratch space>:216:2: note: expanded from here
message "this header is deprecated"
^
2 warnings generated.
```
BTW these warnings are only displayed: the quote is from a --with-werror build.backlog