A patch for OpenVPN 2.4.5 to prevent errors when compiling with LibreSSL 2.6.4

Here is a patch for OpenVPN 2.4.5 to prevent errors when compiling with LibreSSL 2.6.4:

diff --git a/configure.ac b/configure.ac
index 88d1e09..7db5c79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -935,6 +935,18 @@ if test "${enable_crypto}" = "yes" -a "${with_crypto_library}" = "openssl"; then
 			EC_GROUP_order_bits
 		]
 	)
+	AC_CHECK_DECL(
+		[
+			SSL_CTX_get_min_proto_version,
+			SSL_CTX_get_max_proto_version,
+			SSL_CTX_set_min_proto_version,
+			SSL_CTX_set_max_proto_version,
+		],
+		,
+		,
+		[[#include <openssl/ssl.h>]]
+
+	)
 
 	CFLAGS="${saved_CFLAGS}"
 	LIBS="${saved_LIBS}"
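Review bot: AC_CHECK_DECL( is given a comma-separated list of four symbols here, but the singular macro checks one symbol and defines no HAVE_DECL_* macro; the header hunks test HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION and its siblings, which only AC_CHECK_DECLS (plural) defines, to 1 or 0 per symbol. Switch to AC_CHECK_DECLS, and drop the trailing comma after SSL_CTX_set_max_proto_version and the blank line before the closing parenthesis so the symbol list and the includes argument are unambiguous.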
diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
index d375fab..340d452 100644
--- a/src/openvpn/openssl_compat.h
+++ b/src/openvpn/openssl_compat.h
@@ -661,7 +661,7 @@ EC_GROUP_order_bits(const EC_GROUP *group)
 #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT       RSA_F_RSA_EAY_PRIVATE_ENCRYPT
 #endif
 
-#ifndef SSL_CTX_get_min_proto_version
+#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION
 /** Return the min SSL protocol version currently enabled in the context.
  *  If no valid version >= TLS1.0 is found, return 0. */
 static inline int
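Review bot: #if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION is also true when the macro is not defined at all, because an undefined identifier evaluates to 0 in #if, so a config.h from a configure script that was not regenerated silently enables the fallback next to the library's own declaration. Keeping the old test alongside, as in #if !defined(SSL_CTX_get_min_proto_version) && !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION, still covers libraries that provide these as macros, and an #error when the HAVE_DECL macro is undefined would turn the remaining case into a clear build failure. The same applies to the other three guards.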
@@ -684,7 +684,7 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
 }
 #endif /* SSL_CTX_get_min_proto_version */
 
-#ifndef SSL_CTX_get_max_proto_version
+#if !HAVE_DECL_SSL_CTX_GET_MAX_PROTO_VERSION
 /** Return the max SSL protocol version currently enabled in the context.
  *  If no valid version >= TLS1.0 is found, return 0. */
 static inline int
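Review bot: the context line #endif /* SSL_CTX_get_min_proto_version */ at the top of this hunk now closes #if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION, so its trailing comment names a condition that is no longer tested. Update the #endif comments of all four blocks to the HAVE_DECL_* names so each guard can still be matched to its end.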
@@ -707,7 +707,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
 }
 #endif /* SSL_CTX_get_max_proto_version */
 
-#ifndef SSL_CTX_set_min_proto_version
+#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION
 /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
 static inline int
 SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
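Review bot: the doc comment "Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1" directly under the changed guard no longer states when this fallback is compiled; it now depends on the configure result rather than on the OpenSSL version. Reword it, and the matching comment on SSL_CTX_set_max_proto_version, to say the fallback is used when configure found no declaration in openssl/ssl.h.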
@@ -736,7 +736,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
 }
 #endif /* SSL_CTX_set_min_proto_version */
 
-#ifndef SSL_CTX_set_max_proto_version
+#if !HAVE_DECL_SSL_CTX_SET_MAX_PROTO_VERSION
 /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
 static inline int
 SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)

Source here; I altered it to work with OpenVPN 2.4.5.

But it only works when autoconf is actually called (so it doesn’t work for openvpn-build).

OpenVPN built with LibreSSL – Windows binaries

Sometimes, when you cannot find something on the web, you have to build it yourself. Eventually this resulted in some working executables for OpenVPN, built with LibreSSL, to be run on Windows.

To use these, first grab the regular setup from the OpenVPN website’s download section, install it, and afterwards replace the files in the bin subdirectory with the ones from the correct ZIP file below. Now you can delete libeay32.dll and ssleay32.dll – they came with the original installer and will not be used by the new executables.

Last updated: 2017-Dec-22

openvpn2.4.4-libressl2.6.4-win64.zip
SHA-256: 6d2cffb8664bb93ddbb91a184a41145da5c7b733376cbeafa5ef82d6ef8c0bdd

openvpn2.3.18-libressl2.6.4-win64.zip
SHA-256: b925ebff91c2afa3dedd2bc5259d395ac5ec2bbad3909defcc36ea4ac3621f96
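
The replacement steps described above, with the SHA-256 check done before any file is touched, as an added PowerShell example that is not part of the original post. The download location, the default install path, the backup and staging folder names, and the assumption that the ZIP holds the replacement files at its top level are all assumptions.

```powershell
# Assumptions (not from the original post): the ZIP is in the current directory,
# OpenVPN is installed in its default location, and the archive holds the
# replacement files at its top level. Run from an elevated prompt with
# OpenVPN not running, otherwise the executables are locked.
$zip      = '.\openvpn2.4.4-libressl2.6.4-win64.zip'
$expected = '6d2cffb8664bb93ddbb91a184a41145da5c7b733376cbeafa5ef82d6ef8c0bdd'  # SHA-256 listed above
$binDir   = Join-Path $env:ProgramFiles 'OpenVPN\bin'
$backup   = "$binDir.orig"                                   # hypothetical backup folder name
$staging  = Join-Path $env:TEMP 'openvpn-libressl-staging'   # hypothetical staging folder

$ErrorActionPreference = 'Stop'

# 1. Refuse to continue unless the download matches the published hash.
$actual = (Get-FileHash -Path $zip -Algorithm SHA256).Hash
if ($actual -ne $expected) {       # -ne compares strings case-insensitively
    throw "SHA-256 mismatch for ${zip}: got $actual"
}

# 2. Keep a copy of the installer's binaries so the change can be undone.
if (-not (Test-Path $backup)) {
    Copy-Item -Path $binDir -Destination $backup -Recurse
}

# 3. Unpack to a staging folder first, then copy over the installed files.
if (Test-Path $staging) { Remove-Item $staging -Recurse -Force }
Expand-Archive -Path $zip -DestinationPath $staging
Copy-Item -Path (Join-Path $staging '*') -Destination $binDir -Recurse -Force

# 4. Remove the OpenSSL DLLs that came with the original installer.
foreach ($dll in 'libeay32.dll', 'ssleay32.dll') {
    $path = Join-Path $binDir $dll
    if (Test-Path $path) { Remove-Item $path }
}
```

For the 2.3.18 build, swap in the other file name and its SHA-256 value.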

I’ll try to keep up with new releases and post new builds over time.

The instructions I followed for building are described here.
Also see: github.com/woohooyeah/openvpn-build