Full_Name: Mitchell Blank
Version: 2.4.43
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.169.198.86)

Recently a couple alpha releases for OpenSSL 1.1.X have been posted on www.openssl.org with the request that software be tested against them prior to release.

I tried compiling the most recent OpenLDAP against it, but it failed. One of the overarching changes that OpenSSL is making is that many of its datatypes are now only visible as opaque pointers (in other words, their layout and size are considered private to OpenSSL itself).

This caused the following compile errors in tls_o.c:

> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_ctx_ref’:
> openldap-2.4.43/libraries/libldap/tls_o.c:199:20: error: dereferencing pointer to incomplete type
>   CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
>   ^
> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_my_dn’:
> openldap-2.4.43/libraries/libldap/tls_o.c:451:21: error: dereferencing pointer to incomplete type
>   der_dn->bv_val = xn->bytes->data;
>   ^
> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_peer_dn’:
> openldap-2.4.43/libraries/libldap/tls_o.c:478:21: error: dereferencing pointer to incomplete type
>   der_dn->bv_val = xn->bytes->data;
>   ^
> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_chkhost’:
> openldap-2.4.43/libraries/libldap/tls_o.c:618:21: error: dereferencing pointer to incomplete type
>   if ( !OBJ_cmp( ne->object, obj )) {
>   ^

The last one can probably be replaced with a X509_NAME_ENTRY_get_object() call. I don't know enough about the X509_NAME API to know how to fix the ->bytes->data ones.

For what it's worth, there were also a couple deprecated warnings:

> openldap-2.4.43/libraries/libldap/tls_o.c:179:2: warning: ‘ERR_remove_state’ is deprecated
> openldap-2.4.43/libraries/libldap/tls_o.c:1251:3: warning: ‘DH_generate_parameters’ is deprecated

Right now this isn't super urgent, but within a couple months OpenSSL 1.1.0 is expected to be released and suddenly a lot more people will be hitting this issue.
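
The accessor pattern behind these errors, as an added self-contained C model that is not OpenSSL or OpenLDAP code: every `mini_*` name and `struct berval_view` is a hypothetical stand-in. The caller functions sit before the struct definitions, so a direct field access such as `xn->bytes->data` written there would be rejected with the same "incomplete type" error.

```c
/* Added illustration, not OpenSSL or OpenLDAP code: every mini_* name is hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Public header: the types are declared but their layout is never shown. */
typedef struct mini_name_st MINI_NAME;
typedef struct mini_entry_st MINI_ENTRY;
typedef struct mini_ctx_st MINI_CTX;
int mini_ctx_up_ref(MINI_CTX *c);
int mini_name_get0_der(const MINI_NAME *n, const unsigned char **der, size_t *len);
int mini_name_entry_count(const MINI_NAME *n);
const MINI_ENTRY *mini_name_get_entry(const MINI_NAME *n, int i);
int mini_entry_get_object(const MINI_ENTRY *e);

/* Caller (the role tls_o.c plays): the structs are incomplete types here. */
struct berval_view { size_t bv_len; const unsigned char *bv_val; };

int caller_get_dn(const MINI_NAME *xn, struct berval_view *der_dn)
{
    /* was: der_dn->bv_val = xn->bytes->data;  (rejected: incomplete type) */
    return mini_name_get0_der(xn, &der_dn->bv_val, &der_dn->bv_len);
}

int caller_find_object(const MINI_NAME *xn, int obj)
{
    for (int i = 0; i < mini_name_entry_count(xn); i++)
        /* was: ne->object read directly from the entry struct */
        if (mini_entry_get_object(mini_name_get_entry(xn, i)) == obj)
            return i;
    return -1;
}

/* Library internals: private layout, free to change between releases. */
struct mini_entry_st { int object; };
struct mini_ctx_st { int references; };
struct mini_name_st { MINI_ENTRY entries[2]; int n; unsigned char der[4]; size_t der_len; };

int mini_ctx_up_ref(MINI_CTX *c) { return ++c->references; } /* no locking in this model */
int mini_name_get0_der(const MINI_NAME *n, const unsigned char **der, size_t *len)
{ if (!n || !der || !len) return 0; *der = n->der; *len = n->der_len; return 1; }
int mini_name_entry_count(const MINI_NAME *n) { return n ? n->n : 0; }
const MINI_ENTRY *mini_name_get_entry(const MINI_NAME *n, int i)
{ return (n && i >= 0 && i < n->n) ? &n->entries[i] : NULL; }
int mini_entry_get_object(const MINI_ENTRY *e) { return e ? e->object : -1; }

/* Constructed sample: object ids 6 and 3, plus four placeholder "DER" bytes. */
MINI_NAME *mini_sample_name(void)
{ static MINI_NAME n = { { {6}, {3} }, 2, { 0x30, 0x02, 0x31, 0x00 }, 4 }; return &n; }

int main(void) { printf("%d\n", caller_find_object(mini_sample_name(), 3)); return 0; }
```

OpenSSL 1.1.0 exposes accessors of this kind, for example `SSL_CTX_up_ref()`, `X509_NAME_get0_der()` and the `X509_NAME_ENTRY_get_object()` named in the report.
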
m-oldap@bodyfour.uk wrote:
> Full_Name: Mitchell Blank
> Version: 2.4.43
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (80.169.198.86)
>
>
> Recently a couple alpha releases for OpenSSL 1.1.X have been posted on
> www.openssl.org with the request that software be tested against them prior to
> release.

Thanks for the report. There are clearly 2 issues the OpenSSL folks will have to resolve before this will work.

https://mta.openssl.org/pipermail/openssl-dev/2016-January/004362.html
https://mta.openssl.org/pipermail/openssl-dev/2016-January/004365.html

>
> I tried compiling the most recent OpenLDAP against it, but it failed. One of
> the overarching changes that OpenSSL is making is that many of its datatypes are
> now only visible as opaque pointers (in other words, their layout and size are
> considered private to OpenSSL itself)
>
> This caused the following compile errors in tls_o.c:
>
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_ctx_ref’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:199:20: error: dereferencing pointer to incomplete type
>>   CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
>>   ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_my_dn’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:451:21: error: dereferencing pointer to incomplete type
>>   der_dn->bv_val = xn->bytes->data;
>>   ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_peer_dn’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:478:21: error: dereferencing pointer to incomplete type
>>   der_dn->bv_val = xn->bytes->data;
>>   ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_chkhost’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:618:21: error: dereferencing pointer to incomplete type
>>   if ( !OBJ_cmp( ne->object, obj )) {
>>   ^
>
>
> The last one can probably be replaced with a X509_NAME_ENTRY_get_object() call.
> I don't know enough about the X509_NAME API to know how to fix the ->bytes->data
> ones.
>
> For what it's worth, there were also a couple deprecated warnings:
>
>> openldap-2.4.43/libraries/libldap/tls_o.c:179:2: warning: ‘ERR_remove_state’ is deprecated
>> openldap-2.4.43/libraries/libldap/tls_o.c:1251:3: warning: ‘DH_generate_parameters’ is deprecated
>
> Right now this isn't super urgent, but within a couple months OpenSSL 1.1.0 is
> expected to be released and suddenly a lot more people will be hitting this
> issue.
>
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
changed notes; changed state Open to Partial; moved from Incoming to Development
Howard Chu wrote:
> m-oldap@bodyfour.uk wrote:
>> Full_Name: Mitchell Blank
>> Version: 2.4.43
>> OS: linux
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (80.169.198.86)
>>
>>
>> Recently a couple alpha releases for OpenSSL 1.1.X have been posted on
>> www.openssl.org with the request that software be tested against them prior to
>> release.
>
> Thanks for the report. There are clearly 2 issues the OpenSSL folks will have
> to resolve before this will work.
>
> https://mta.openssl.org/pipermail/openssl-dev/2016-January/004362.html
> https://mta.openssl.org/pipermail/openssl-dev/2016-January/004365.html

The remaining unresolved issue is in their tracker at
https://rt.openssl.org/Ticket/Display.html?id=4274

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
Howard Chu wrote:
> Howard Chu wrote:
>> m-oldap@bodyfour.uk wrote:
>>> Full_Name: Mitchell Blank
>>> Version: 2.4.43
>>> OS: linux
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (80.169.198.86)
>>>
>>>
>>> Recently a couple alpha releases for OpenSSL 1.1.X have been posted on
>>> www.openssl.org with the request that software be tested against them prior to
>>> release.
>>
>> Thanks for the report. There are clearly 2 issues the OpenSSL folks will have
>> to resolve before this will work.
>>
>> https://mta.openssl.org/pipermail/openssl-dev/2016-January/004362.html
>> https://mta.openssl.org/pipermail/openssl-dev/2016-January/004365.html
>
> The remaining unresolved issue is in their tracker at
> https://rt.openssl.org/Ticket/Display.html?id=4274
>

Resolved by commit 7ab507495b86371756575d606af556b4fd74e27a
All building and working now.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
changed notes; changed state Partial to Test
changed notes; changed state Test to Release
changed notes
fixed in master; fixed in RE25; fixed in RE24 (2.4.45). See also ITS8533
changed notes; changed state Release to Closed