From: Theo Buehler Subject: Re: rpki-client: openssl 4 compat To: tech@openbsd.org Date: Mon, 13 Apr 2026 12:24:28 +0200 On Mon, Apr 13, 2026 at 12:11:38PM +0200, Theo Buehler wrote: > This adds two compat implementations for the OpenSSL 4 API that is > required to deal with opaque strings. This API will eventually land in > libcrypto but I did not manage to do that in this cycle for various > reasons. > > Once LibreSSL provides this, the file will move to portable, but for > now this way is simplest to ensure that rpki-client as expected with all > libcrypto versions we care about. > > I did not guard the prototypes in extern.h because there's no need. > > The openssl bit in regress isn't for commit. I did it this way to keep > the diff small if anyone wants to test that. You'll need to build and > install the security/openssl/4.0 and security/openssl/libretls4 ports. > > Portable should just work after linking asn1_bit_string.c to the build, > but OpenSSL 4 support needs a little logic to set HAVE_ASN1_BIT_STRING_* By the way, I am perfectly happy to hold on to this diff until after the rpki-client and openbsd releases. I don't think this is that urgent (OpenSSL 4 is bound to be released tomorrow), so it would be a nice to have but perhaps not worth the (small, IMO) risk.