Small modification to support LibreSSL (OpenBSD >=5.2)

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
chrisunix
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 22, 2014 10:09 am

Small modification to support LibreSSL (OpenBSD >=5.2)

Post by chrisunix » Mon Dec 22, 2014 10:42 am

Hello everyone

The OpenBSD has started with a fork of OpenSSL - named LibreSSL (due to security issues that were troubling OpenSSL).
Please let me share with you the problem I experienced and how to fix it.

When using easyrsa (EasyRsa-v3.0.0-rc2) it shows an error:

Code: Select all

  Easy-RSA error:

  Missing or invalid OpenSSL
  Expected to find openssl command at: openssl
And when checking the openssl version, it shows:

Code: Select all

openssl version
  LibreSSL 2.0
In fact, the LibreSSL version works in the same way as OpenSSL, but identifies itself a bit differently.
After changing the easyrsa file - it works fine.

Below I show a diff - showing the change I did to make it work.

Code: Select all

--- easyrsa.old Sun Jul 27 14:30:49 2014
+++ easyrsa     Mon Nov 17 16:19:23 2014
@@ -288,7 +288,7 @@
        # Verify EASYRSA_OPENSSL command gives expected output
        if [ -z "$EASYRSA_SSL_OK" ]; then
                local val="$("$EASYRSA_OPENSSL" version)"
-               [ "${val%% *}" = "OpenSSL" ] || die "\
+               [ "${val%% *}" = "OpenSSL" -o  "${val%% *}" = "LibreSSL" ] || die "\
 Missing or invalid OpenSSL
 Expected to find openssl command at: $EASYRSA_OPENSSL"
        fi
Alternatively - if you want to do the same - you can just copy/paste:

Code: Select all

cp -p easyrsa easyrsa.old
cat easyrsa.old | perl -pe 's/(\[)( "\$\{val.. \*\}" = ")(OpenSSL)(")( ] \|\| die)/$1$2$3$4 -o $2LibreSSL$4$5/' > easyrsa; 
d
I guess this might be useful for people using/installing OpenVPN on OpenBSD.

chrisunix
OpenVpn Newbie
Posts: 3
Joined: Mon Dec 22, 2014 10:09 am

Re: Small modification to support LibreSSL (OpenBSD >=5.2)

Post by chrisunix » Tue Dec 23, 2014 10:47 am

Shall anyone be interested more in using OpenVPN on OpenBSD - you can look at:
http://www.openbsdsupport.org/openvpn-on-openbsd56.html

It also describes eg. how to migrate easyrsa2 keys to easyrsa3.

I will try to keep it updated for future versions of OpenBSD and OpenVPN / EasyRSA (eg. in case new issues arise with LibreSSL)

Post Reply