On Mon, Apr 27, 2026 at 07:44:19PM +0000, Job Snijders wrote:
> On Mon, Apr 13, 2026 at 12:11:38PM +0200, Theo Buehler wrote:
> > This adds two compat implementations for the OpenSSL 4 API that is
> > required to deal with opaque strings. This API will eventually land in
> > libcrypto but I did not manage to do that in this cycle for various
> > reasons.
> 
> OK job@
> 
> one question below
> 
> > Once LibreSSL provides this, the file will move to portable, but for
> > now this way is simplest to ensure that rpki-client as expected with all
> > libcrypto versions we care about.
> > 
> > I did not guard the prototypes in extern.h because there's no need.
> > 
> > The openssl bit in regress isn't for commit. I did it this way to keep
> > the diff small if anyone wants to test that. You'll need to build and
> > install the security/openssl/4.0 and security/openssl/libretls4 ports.
> 
> with the regress piece in my tree, i didn't seem to need libretls4 to
> run make in /usr/src/regress/usr.sbin/rpki-client/openssl/ - are you and
> I testing something else? :)

There are '&& exists(/usr/local/lib/${EOPENSSL}/libtls.a)' where EOPENSSL
expands to eopenssl40, and without libretls4, this check will be false.

Without libretls4 it will still compile and run the basic regress tests
like test-roa.c, etc. But it won't compile rpki-client against libretls4
and build/obj/rpki-client won't exist (or be old).