Ubuntu 18 and Bro compile issue

Zeek
1

Well this has been a hoot. Here’s the ssl libs installed:

ii libssl-dev:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - development files
ii libssl-doc 1.1.0g-2ubuntu4 all Secure Sockets Layer toolkit - development documentation
ii libssl1.0.0:amd64 1.0.2n-1ubuntu5 amd64 Secure Sockets Layer toolkit - shared libraries
ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries

ssl bits from ./configure:

– Performing Test including_ssl_h_works
– Performing Test including_ssl_h_works - Success
– Performing Test openssl_greater_than_0_9_7
– Performing Test openssl_greater_than_0_9_7 - Success
– Performing Test OPENSSL_D2I_X509_USES_CONST_CHAR
– Performing Test OPENSSL_D2I_X509_USES_CONST_CHAR - Success
– Performing Test OPENSSL_CORRECT_VERSION_NUMBER
– Performing Test OPENSSL_CORRECT_VERSION_NUMBER - Success
– Performing Test have_nameser_header
– Performing Test have_nameser_header - Success
– Performing Test cxx11_header_works
– Performing Test cxx11_header_works - Success

and the actual error below…on a hunch I compiled this against a git install of libressl with the --with-openssl flag and it compiled just fine. Looks like bro is unimpressed with the system installed openssl on the newly released Bionic Server. I tested with 2.5.3 with the same results. Thank you.

[ 85%] Building CXX object src/probabilistic/CMakeFiles/bro_probabilistic.dir/BitVector.cc.o
functions.bif: In function ‘X509* x509_get_ocsp_signer(stack_st_X509*, OCSP_RESPID*)’:
functions.bif:114:10: error: invalid use of incomplete type ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:164:16: note: forward declaration of ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
typedef struct ocsp_responder_id_st OCSP_RESPID;
^~~~~~~~~~~~~~~~~~~~
functions.bif:115:41: error: invalid use of incomplete type ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:164:16: note: forward declaration of ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
typedef struct ocsp_responder_id_st OCSP_RESPID;
^~~~~~~~~~~~~~~~~~~~
functions.bif:118:10: error: invalid use of incomplete type ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:164:16: note: forward declaration of ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
typedef struct ocsp_responder_id_st OCSP_RESPID;
^~~~~~~~~~~~~~~~~~~~
functions.bif:122:10: error: invalid use of incomplete type ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:164:16: note: forward declaration of ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
typedef struct ocsp_responder_id_st OCSP_RESPID;
^~~~~~~~~~~~~~~~~~~~
functions.bif:125:31: error: invalid use of incomplete type ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:164:16: note: forward declaration of ‘OCSP_RESPID {aka struct ocsp_responder_id_st}’
typedef struct ocsp_responder_id_st OCSP_RESPID;
^~~~~~~~~~~~~~~~~~~~
functions.bif: In function ‘Val* BifFunc::bro_x509_ocsp_verify(Frame*, val_list*)’:
functions.bif:290:14: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:292:8: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:293:15: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:303:21: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:311:37: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:311:51: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:329:45: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:336:55: error: invalid use of incomplete type ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:127:16: note: forward declaration of ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’
typedef struct x509_store_ctx_st X509_STORE_CTX;
^~~~~~~~~~~~~~~~~
functions.bif:337:68: error: invalid use of incomplete type ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from functions.bif:2:
/usr/include/openssl/ossl_typ.h:127:16: note: forward declaration of ‘X509_STORE_CTX {aka struct x509_store_ctx_st}’
typedef struct x509_store_ctx_st X509_STORE_CTX;
^~~~~~~~~~~~~~~~~
functions.bif:365:15: error: aggregate ‘X509_OBJECT obj’ has incomplete type and cannot be defined
functions.bif:384:41: error: invalid use of incomplete type ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:110:16: note: forward declaration of ‘OCSP_BASICRESP {aka struct ocsp_basic_response_st}’
typedef struct ocsp_basic_response_st OCSP_BASICRESP;
^~~~~~~~~~~~~~~~~~~~~~
functions.bif:391:33: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:395:42: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:395:94: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:408:27: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:410:32: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:412:18: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:413:60: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif:417:59: error: invalid use of incomplete type ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
In file included from functions.bif:8:0:
/usr/include/openssl/ocsp.h:104:16: note: forward declaration of ‘OCSP_SINGLERESP {aka struct ocsp_single_response_st}’
typedef struct ocsp_single_response_st OCSP_SINGLERESP;
^~~~~~~~~~~~~~~~~~~~~~~
functions.bif: In function ‘Val* BifFunc::bro_x509_verify(Frame*, val_list*)’:
functions.bif:494:17: error: aggregate ‘X509_STORE_CTX csc’ has incomplete type and cannot be defined
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc: In static member function ‘static RecordVal* file_analysis::X509::ParseCertificate(file_analysis::X509Val*, const char*)’:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:142:43: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->cert_info->key->algor->algorithm) )
^~
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
typedef struct x509_st X509;
^~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:154:27: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
if ( OBJ_obj2nid(ssl_cert->cert_info->key->algor->algorithm) == NID_md5WithRSAEncryption )
^~
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
typedef struct x509_st X509;
^~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:156:27: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
old_algorithm = ssl_cert->cert_info->key->algor->algorithm;
^~
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
typedef struct x509_st X509;
^~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:157:11: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
ssl_cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
^~
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
typedef struct x509_st X509;
^~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:160:43: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
if ( ! i2t_ASN1_OBJECT(buf, 255, ssl_cert->sig_alg->algorithm) )
^~
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
typedef struct x509_st X509;
^~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:169:12: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
if ( pkey->type == EVP_PKEY_DSA )
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:172:17: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
else if ( pkey->type == EVP_PKEY_RSA )
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:176:35: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
char exponent = BN_bn2dec(pkey->pkey.rsa->e);
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:185:17: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
else if ( pkey->type == EVP_PKEY_EC )
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:195:12: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
ssl_cert->cert_info->key->algor->algorithm = old_algorithm;
^~
In file included from /usr/include/openssl/x509.h:20:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
typedef struct x509_st X509;
^~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc: In member function ‘void file_analysis::X509::ParseExtension(X509_EXTENSION)’:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:266:35: error: invalid use of incomplete type ‘X509_EXTENSION {aka struct X509_extension_st}’
M_ASN1_OCTET_STRING_print(biomex->value);
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/x509.h:79:16: note: forward declaration of ‘X509_EXTENSION {aka struct X509_extension_st}’
typedef struct X509_extension_st X509_EXTENSION;
^~~~~~~~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:266:3: error: ‘M_ASN1_OCTET_STRING_print’ was not declared in this scope
M_ASN1_OCTET_STRING_print(biomex->value);
^~~~~~~~~~~~~~~~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:266:3: note: suggested alternative: ‘ASN1_OCTET_STRING_it’
M_ASN1_OCTET_STRING_print(biomex->value);
^~~~~~~~~~~~~~~~~~~~~~~~~
ASN1_OCTET_STRING_it
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc: In member function ‘void file_analysis::X509::ParseSAN(X509_EXTENSION*)’:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:360:64: warning: ‘unsigned char* ASN1_STRING_data(ASN1_STRING*)’ is deprecated [-Wdeprecated-declarations]
const char* name = (const char*) ASN1_STRING_data(gen->d.ia5);
^
In file included from /usr/include/openssl/bn.h:31:0,
from /usr/include/openssl/asn1.h:24,
from /usr/include/openssl/objects.h:916,
from /usr/include/openssl/evp.h:27,
from /usr/include/openssl/x509.h:23,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:12,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/usr/include/openssl/asn1.h:553:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char ASN1_STRING_data(ASN1_STRING x))
^
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc: In static member function ‘static StringVal file_analysis::X509::KeyCurve(EVP_PKEY)’:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:448:10: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
if ( key->type != EVP_PKEY_EC )
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:456:37: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
if ( (group = EC_KEY_get0_group(key->pkey.ec)) == NULL)
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc: In static member function ‘static unsigned int file_analysis::X509::KeyLength(EVP_PKEY*)’:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:477:12: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
switch(key->type) {
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:479:25: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
return BN_num_bits(key->pkey.rsa->n);
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:482:25: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
return BN_num_bits(key->pkey.dsa->p);
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:492:48: error: invalid use of incomplete type ‘EVP_PKEY {aka struct evp_pkey_st}’
const EC_GROUP group = EC_KEY_get0_group(key->pkey.ec);
^~
In file included from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.h:9:0,
from /home/me/nobackup/build/bro-2.5.4/src/file_analysis/analyzer/x509/X509.cc:5:
/home/me/nobackup/build/bro-2.5.4/src/file_analysis/…/File.h:17:16: note: forward declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
^~~~~~~~~~~
src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/build.make:263: recipe for target ‘src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/functions.bif.cc.o’ failed
make[3]: *** [src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/functions.bif.cc.o] Error 1
make[3]: *** Waiting for unfinished jobs…
[ 85%] Building CXX object src/probabilistic/CMakeFiles/bro_probabilistic.dir/BloomFilter.cc.o
[ 85%] Building CXX object src/logging/writers/none/CMakeFiles/plugin-Bro-NoneWriter.dir/Plugin.cc.o
[ 85%] Building CXX object src/logging/writers/sqlite/CMakeFiles/plugin-Bro-SQLiteWriter.dir/sqlite.bif.init.cc.o
/home/me/nobackup/build/bro-2.5.4/src/logging/writers/ascii/Ascii.cc: In member function ‘virtual bool logging::writer::Ascii::DoRotate(const char, double, double, bool)’:
/home/me/nobackup/build/bro-2.5.4/src/logging/writers/ascii/Ascii.cc:376:13: warning: ignoring return value of ‘char* strerror_r(int, char*, size_t)’, declared with attribute warn_unused_result [-Wunused-result]
strerror_r(errno, buf, sizeof(buf));

src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/build.make:119: recipe for target 'src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/X509.cc.o' failed
make[3]: *** [src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/X509.cc.o] Error 1
make[3]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
CMakeFiles/Makefile2:9368: recipe for target 'src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/all' failed
make[2]: *** [src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/all] Error 2
make[2]: *** Waiting for unfinished jobs....
[ 85%] Building CXX object src/probabilistic/CMakeFiles/bro_probabilistic.dir/CardinalityCounter.cc.o
[ 85%] Building CXX object src/logging/writers/none/CMakeFiles/plugin-Bro-NoneWriter.dir/none.bif.cc.o
[ 85%] Building CXX object src/logging/writers/none/CMakeFiles/plugin-Bro-NoneWriter.dir/none.bif.init.cc.o
[ 85%] Building CXX object src/logging/writers/ascii/CMakeFiles/plugin-Bro-AsciiWriter.dir/Plugin.cc.o
[ 85%] Building CXX object src/probabilistic/CMakeFiles/bro_probabilistic.dir/Hasher.cc.o
[ 86%] Building CXX object src/probabilistic/CMakeFiles/bro_probabilistic.dir/CounterVector.cc.o
[ 86%] Building CXX object src/logging/writers/ascii/CMakeFiles/plugin-Bro-AsciiWriter.dir/ascii.bif.cc.o
[ 87%] Building CXX object src/logging/writers/ascii/CMakeFiles/plugin-Bro-AsciiWriter.dir/ascii.bif.init.cc.o
[ 87%] Linking CXX static library libplugin-Bro-SQLiteWriter.a
make[3]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
[ 87%] Building CXX object src/probabilistic/CMakeFiles/bro_probabilistic.dir/Topk.cc.o
[ 88%] Built target plugin-Bro-SQLiteWriter
[ 88%] Linking CXX static library libplugin-Bro-NoneWriter.a
make[3]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
[ 88%] Built target plugin-Bro-NoneWriter
[ 88%] Linking CXX static library libplugin-Bro-AsciiWriter.a
make[3]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
[ 88%] Built target plugin-Bro-AsciiWriter
[ 88%] Linking CXX static library libbro_probabilistic.a
make[3]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
[ 88%] Built target bro_probabilistic
make[2]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
Makefile:151: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/home/me/nobackup/build/bro-2.5.4/build'
Makefile:15: recipe for target 'all' failed
make: *** [all] Error 2
2

You need libssl1.0-dev

Debian ported it to 1.1, but I don't know if they ever submitted the patch to be merged:

https://sources.debian.org/patches/bro/2.5.3-1/0004-Port-most-of-bro-to-OpenSSL-1.1.patch/

3

You need libssl1.0-dev

Debian ported it to 1.1, but I don't know if they ever submitted the patch to be merged:

https://sources.debian.org/patches/bro/2.5.3-1/0004-Port-most-of-bro-to-OpenSSL-1.1.patch/

Patch (with quite a bit of additional work) is in master. However notice that the patch ports "most" of Bro to OpenSSL 1.1, not all.

Thus the patch is in and Bro still does not compile with 1.1 yet. We are a bit special because we use a lot of their features - and porting everything over is a significant amount of work.

Johanna

4

Thanks all...so at this point what's my best move? Stand fast and wait or something else. Thank you.

James

5

Installing libssl1.0-dev will get bro to build

6

Thanks all...so at this point what's my best move? Stand fast and wait
or something else. Thank you.

Install libssl10-dev, and you should be good.

Johanna

7

Ok cool thanks...that's a downgrade from 1.1.0g-dev to libssl1.0-dev so I think I'll just stick with compiling it against libressl for now. Thanks again.

James