WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency  (Read 879 times)

Offline ovacikar

  • Newbie
  • *
  • Posts: 36
Was having an issue with openvpn 2.4.9 extension coexist with openssh extension on Tiny Core 14 x86. openvpn was not able to read any SSL certificates:

Code: [Select]
Mon Feb  5 20:40:36 2024 us=172773 OpenVPN 2.4.9 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  2 2020
Mon Feb  5 20:40:36 2024 us=172945 library versions: OpenSSL 1.1.1w  11 Sep 2023, LZO 2.10
Mon Feb  5 20:40:36 2024 us=173564 PO_INIT maxevents=4 flags=0x00000002
Mon Feb  5 20:40:36 2024 us=186835 OpenSSL: error:25066067:DSO support routines:dlfcn_load:could not load the shared library
Mon Feb  5 20:40:36 2024 us=187016 OpenSSL: error:25070067:DSO support routines:DSO_load:could not load the shared library
Mon Feb  5 20:40:36 2024 us=187167 OpenSSL: error:0E07506E:configuration file routines:module_load_dso:error loading dso
Mon Feb  5 20:40:36 2024 us=187310 OpenSSL: error:0E076071:configuration file routines:module_run:unknown module name
Mon Feb  5 20:40:36 2024 us=187452 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Mon Feb  5 20:40:36 2024 us=187571 Error reading extra certificate
Mon Feb  5 20:40:36 2024 us=187684 Exiting due to fatal error

Problem was, openssh depends on openssl.tcz, but openvpn depends on a different openssl-1.1.1.tcz

Ended up getting rid of all openssl-1.1.1 stuff, downloading and compiling openvpn 2.5.1 :

2024-02-05 22:23:28 OpenVPN 2.5.1 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  5 2024
2024-02-05 22:23:28 library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
2024-02-05 22:23:28 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-02-05 22:23:28 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-02-05 22:23:28 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2024-02-05 22:23:28 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2024-02-05 22:23:28 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:1194
2024-02-05 22:23:28 Socket Buffers: R=[180224->180224] S=[180224->180224]
2024-02-05 22:23:28 UDP link local: (not bound)
2024-02-05 22:23:28 UDP link remote: [AF_INET]xxx:1194
2024-02-05 22:23:28 TLS: Initial packet from [AF_INET]xxx:1194, sid=35224f82 77356a5b
2024-02-05 22:23:28 VERIFY OK: depth=1, CN=xxx
2024-02-05 22:23:28 VERIFY KU OK
2024-02-05 22:23:28 Validating certificate extended key usage
2024-02-05 22:23:28 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-02-05 22:23:28 VERIFY EKU OK
2024-02-05 22:23:28 VERIFY X509NAME OK: CN=xxx
2024-02-05 22:23:28 VERIFY OK: depth=0, CN=xxx

Offline ovacikar

  • Newbie
  • *
  • Posts: 36
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #1 on: February 06, 2024, 04:57:42 AM »
Submitted 2.5.1 update to the repository. But noticed the build script created a huge 2MB file  ???
« Last Edit: February 06, 2024, 05:02:53 AM by ovacikar »

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11256
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #2 on: February 06, 2024, 06:56:08 AM »
Hi ovacikar
... But noticed the build script created a huge 2MB file  ???
Since we don't know which build script you used, we can
only make some general comments.

Extension.tcz         <-- Programs and libraries get stripped to reduce size.

Typically, the following items get removed and packaged into separate extensions:
Extension-dev.tcz     <-- Development files, headers (.h), static libraries (.a), .pc, etc.
Extension-doc.tcz     <-- Document files, man pages, etc.
Extension-locale.tcz   <-- Language files, .mo, etc.
« Last Edit: February 06, 2024, 08:27:55 AM by Rich »

Offline ovacikar

  • Newbie
  • *
  • Posts: 36
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #3 on: February 06, 2024, 04:04:07 PM »
I used the same build script as the previous submission , 11.x 2.4.9.

Replacing openssl dependency, URL and download with curl instead of wget

http://tinycorelinux.net/11.x/x86/tcz/src/openvpn/openvpn.build
« Last Edit: February 06, 2024, 04:06:05 PM by ovacikar »

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11256
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #4 on: February 06, 2024, 06:03:21 PM »
Hi ovacikar
I can't say for sure why your package is so much larger. I suspect
part of it is compiler related. Over the years, it seems that each
new version of gcc produces bigger binaries than the previous
version.

Extension.tcz         <-- Programs and libraries get stripped to reduce size.
I don't see that happening in the script. The other thing I don't see
is compiler flags being set. It's possible the previous submitter ran
these commands prior to running the script:
Code: [Select]
export CFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export CXXFLAGS="-march=i486 -mtune=i686 -Os -pipe"
export LDFLAGS="-Wl,-O1"

Quote
Extension-dev.tcz     <-- Development files, headers (.h), static libraries (.a), .pc, etc.
I doubt that's it. It's only 2 header files.

Quote
Extension-doc.tcz     <-- Document files, man pages, etc.
This may be part of it. The man pages look like they are about 150K to 200K.

Quote
Extension-locale.tcz   <-- Language files, .mo, etc.
No language files, so that's not it.

Offline patrikg

  • Wiki Author
  • Hero Member
  • *****
  • Posts: 676
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #5 on: February 06, 2024, 11:31:07 PM »
How about option "-Os -s" to also strip in the CXXFLAGS.
Don't know if this breaks something, but just test a another option, just run strip
to the binary's if you have not do so.

Also read on the stack.
Quote
"gcc -s" removes the relocation information along with the symbol table which is not done by "strip". Note that, removing relocation information would have some effect on Address space layout randomization. See this link.http://en.wikipedia.org/wiki/Address_space_layout_randomization
« Last Edit: February 06, 2024, 11:37:44 PM by patrikg »

Offline ovacikar

  • Newbie
  • *
  • Posts: 36
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #6 on: February 07, 2024, 03:42:59 AM »
The EXPORT lines from Rich helped. Size is down to 600K including the man page.

Offline patrikg

  • Wiki Author
  • Hero Member
  • *****
  • Posts: 676
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #7 on: February 07, 2024, 04:27:25 AM »
Yes, and thx for the confirm.
And if you need to compress because of more size limits, you can even upx the executable file.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11256
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #8 on: February 07, 2024, 05:54:10 AM »
Hi ovacikar
The EXPORT lines from Rich helped. Size is down to 600K including the man page.
Then I'd say that's the explanation. From the current
TC14 x86 info file:
Quote
Title:          openvpn.tcz
Description:    OpenVPN - Open Source Virtual Private Network
Version:        2.4.9
Author:         Various (see /usr/local/share/doc/openvpn/License/openvpn-authors.txt)
Original-site:  http://openvpn.net
Copying-policy: GPL (see /usr/local/share/doc/openvpn/License/openvpn-copying.txt)
Size:           576KB
Extension_by:   gutmensch, gnuser
Tags:           VPN connection network OpenVPN
Comments:       For client access use:
                $ sudo openvpn --config /path/to/your/conf

So your size is right in line with the previous version.

Offline ovacikar

  • Newbie
  • *
  • Posts: 36
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #9 on: February 07, 2024, 09:02:41 AM »
I further commented out the man pages in the build script and down to 484 K

Code: [Select]
484K Feb  7 12:14 openvpn.tcz

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11256
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #10 on: February 07, 2024, 09:17:55 AM »
Hi ovacikar
You could package the man pages into a separate
openvpn-doc.tcz  extension.

Offline ovacikar

  • Newbie
  • *
  • Posts: 36
Re: [SOLVED] openvpn-2.4.9 x86 extension has a broken openssl dependency
« Reply #11 on: February 11, 2024, 06:26:53 AM »
I have noticed that the openvpn  2.5.1 version reported by debian includes patches for vulnerabilities released in later versions. So I do not recommend to use 2.5.1 version I compiled on this thread.