X509 Plugin does not support OpenSSL 1.1

Zeek
1

can anyone help with this issue
openssl should be downgraded to 1.0.0
for compiling bro
openssl 1.1 is not compatible with bro compilation
OS- ubuntu 16.04
The following error is occurred

In file included from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.h:9:0,
                 from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:5:
/home/shrisha/bro-2.5/src/file_analysis/../File.h:17:16: note: forward
declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
                ^
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:479:25:
error: invalid use of incomplete type ‘EVP_PKEY {aka struct
evp_pkey_st}’
   return BN_num_bits(key->pkey.rsa->n);
                         ^
In file included from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.h:9:0,
                 from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:5:
/home/shrisha/bro-2.5/src/file_analysis/../File.h:17:16: note: forward
declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
                ^
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:482:25:
error: invalid use of incomplete type ‘EVP_PKEY {aka struct
evp_pkey_st}’
   return BN_num_bits(key->pkey.dsa->p);
                         ^
In file included from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.h:9:0,
                 from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:5:
/home/shrisha/bro-2.5/src/file_analysis/../File.h:17:16: note: forward
declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
                ^
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:492:48:
error: invalid use of incomplete type ‘EVP_PKEY {aka struct
evp_pkey_st}’
   const EC_GROUP *group = EC_KEY_get0_group(key->pkey.ec);
                                                ^
In file included from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.h:9:0,
                 from
/home/shrisha/bro-2.5/src/file_analysis/analyzer/x509/X509.cc:5:
/home/shrisha/bro-2.5/src/file_analysis/../File.h:17:16: note: forward
declaration of ‘EVP_PKEY {aka struct evp_pkey_st}’
typedef struct evp_pkey_st EVP_PKEY;
                ^
src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/build.make:119:
recipe for target
'src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/X509.cc.o'
failed
make[3]: *** [src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/X509.cc.o]
Error 1
make[3]: Leaving directory '/home/shrisha/bro-2.5/build'
CMakeFiles/Makefile2:9455: recipe for target
'src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/all'
failed
make[2]: *** [src/file_analysis/analyzer/x509/CMakeFiles/plugin-Bro-X509.dir/all]
Error 2
make[2]: Leaving directory '/home/shrisha/bro-2.5/build'
Makefile:138: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/home/shrisha/bro-2.5/build'
Makefile:15: recipe for target 'all' failed
make: *** [all] Error 2
shrisha@cdesktop:~/bro-2.5$

with Regards

kasarla shirisha

2

Hi,

in case you have not solved it yourself so far - you are right, OpenSSL
1.1 is not yet supported (it is on the list).

However I am a bit stumped by the fact that you encounter this on Ubuntu
16.04; 16.04 shups with OpenSSL 1.0.2 - so you should not have a problem
there. Is there any chance that you compiled OpenSSL 1.1 yourself and have
that laying around somewhere?

Johanna

3

Hi,

I have just checked the version of openssl

Selection_021.png

4

Hi Shirisha,

it should actually compile cleanly against that version of OpenSSL. Which version of openssl does the output of configure find, and what paths does it show?

Johanna