Full_Name: Pawe&#322; P&#281;kala Version: 2.4.45 OS: FreeBSD 12-CURRENT URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781 Submission from: (NULL) (62.141.192.76) Latest version fails to build with LibreSSL. Following patch fixes issue for me: --- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC +++ libraries/libldap/tls_o.c @@ -47,7 +47,7 @@ #include <ssl.h> #endif -#if OPENSSL_VERSION_NUMBER >= 0x10100000 +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #endif @@ -157,7 +157,7 @@ tlso_init( void ) (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000 +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_digests(); @@ -205,7 +205,7 @@ static void tlso_ctx_ref( tls_ctx *ctx ) { tlso_ctx *c = (tlso_ctx *)ctx; -#if OPENSSL_VERSION_NUMBER < 0x10100000 +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX ) #endif SSL_CTX_up_ref( c ); @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * if (!x) return LDAP_INVALID_CREDENTIALS; xn = X509_get_subject_name(x); -#if OPENSSL_VERSION_NUMBER < 0x10100000 +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_val = xn->bytes->data; #else @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval return LDAP_INVALID_CREDENTIALS; xn = X509_get_subject_name(x); -#if OPENSSL_VERSION_NUMBER < 0x10100000 +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len = i2d_X509_NAME( xn, NULL ); der_dn->bv_val = xn->bytes->data; #else @@ -721,7 +721,7 @@ struct tls_data { Sockbuf_IO_Desc *sbiod; }; -#if OPENSSL_VERSION_NUMBER < 0x10100000 +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) #define BIO_set_init(b, x) b->init = x #define BIO_set_data(b, x) b->ptr = x #define BIO_clear_flags(b, x) b->flags &= ~(x) @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) return tlso_bio_write( b, str, strlen( str ) ); } -#if OPENSSL_VERSION_NUMBER >= 0x10100000 +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) struct bio_method_st { int type; const char *name;
pawel@FreeBSD.org wrote: > Full_Name: Pawe&#322; P&#281;kala > Version: 2.4.45 > OS: FreeBSD 12-CURRENT > URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781 > Submission from: (NULL) (62.141.192.76) > No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros, especially if it doesn't actually implement the features of those versions. > Latest version fails to build with LibreSSL. Following patch fixes issue for > me: > > --- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC > +++ libraries/libldap/tls_o.c > @@ -47,7 +47,7 @@ > #include <ssl.h> > #endif > > -#if OPENSSL_VERSION_NUMBER >= 0x10100000 > +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) > #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) > #endif > > @@ -157,7 +157,7 @@ tlso_init( void ) > (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); > #endif > > -#if OPENSSL_VERSION_NUMBER < 0x10100000 > +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) > SSL_load_error_strings(); > SSL_library_init(); > OpenSSL_add_all_digests(); > @@ -205,7 +205,7 @@ static void > tlso_ctx_ref( tls_ctx *ctx ) > { > tlso_ctx *c = (tlso_ctx *)ctx; > -#if OPENSSL_VERSION_NUMBER < 0x10100000 > +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) > #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, > CRYPTO_LOCK_SSL_CTX ) > #endif > SSL_CTX_up_ref( c ); > @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval * > if (!x) return LDAP_INVALID_CREDENTIALS; > > xn = X509_get_subject_name(x); > -#if OPENSSL_VERSION_NUMBER < 0x10100000 > +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) > der_dn->bv_len = i2d_X509_NAME( xn, NULL ); > der_dn->bv_val = xn->bytes->data; > #else > @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval > return LDAP_INVALID_CREDENTIALS; > > xn = X509_get_subject_name(x); > -#if OPENSSL_VERSION_NUMBER < 0x10100000 > +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) > der_dn->bv_len = i2d_X509_NAME( xn, NULL ); > der_dn->bv_val = xn->bytes->data; > #else > @@ -721,7 +721,7 @@ struct tls_data { > Sockbuf_IO_Desc *sbiod; > }; > > -#if OPENSSL_VERSION_NUMBER < 0x10100000 > +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER) > #define BIO_set_init(b, x) b->init = x > #define BIO_set_data(b, x) b->ptr = x > #define BIO_clear_flags(b, x) b->flags &= ~(x) > @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) > return tlso_bio_write( b, str, strlen( str ) ); > } > > -#if OPENSSL_VERSION_NUMBER >= 0x10100000 > +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) > struct bio_method_st { > int type; > const char *name; > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Hi Howard, On 2017-06-05 17:03 +0100, Howard Chu <hyc@symas.com> wrote: >pawel@FreeBSD.org wrote: >> Full_Name: Pawe&#322; P&#281;kala >> Version: 2.4.45 >> OS: FreeBSD 12-CURRENT >> URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219781 >> Submission from: (NULL) (62.141.192.76) >> > >No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros, >especially if it doesn't actually implement the features of those >versions. > First off let me clarify first that I'm not representing LibreSSL project, this is my opinion as a outsider. From my point of view they are keeping OPENSSL_VERSION_NUMBER for backwards compatibility not forwards, from their openssl/opensslv.h: * These will change with each release of LibreSSL-portable */ #define LIBRESSL_VERSION_NUMBER 0x2050400fL #define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.4" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L >> Latest version fails to build with LibreSSL. Following patch fixes >> issue for me: >> >> --- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC >> +++ libraries/libldap/tls_o.c >> @@ -47,7 +47,7 @@ >> #include <ssl.h> >> #endif >> >> -#if OPENSSL_VERSION_NUMBER >= 0x10100000 >> +#if OPENSSL_VERSION_NUMBER >= 0x10100000 >> && !defined(LIBRESSL_VERSION_NUMBER) #define >> ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #endif >> >> @@ -157,7 +157,7 @@ tlso_init( void ) >> (void) tlso_seed_PRNG( lo->ldo_tls_randfile ); >> #endif >> >> -#if OPENSSL_VERSION_NUMBER < 0x10100000 >> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || >> defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings(); >> SSL_library_init(); >> OpenSSL_add_all_digests(); >> @@ -205,7 +205,7 @@ static void >> tlso_ctx_ref( tls_ctx *ctx ) >> { >> tlso_ctx *c = (tlso_ctx *)ctx; >> -#if OPENSSL_VERSION_NUMBER < 0x10100000 >> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || >> defined(LIBRESSL_VERSION_NUMBER) #define >> SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, >> CRYPTO_LOCK_SSL_CTX ) #endif >> SSL_CTX_up_ref( c ); >> @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct >> berval * if (!x) return LDAP_INVALID_CREDENTIALS; >> >> xn = X509_get_subject_name(x); >> -#if OPENSSL_VERSION_NUMBER < 0x10100000 >> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || >> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len = i2d_X509_NAME( xn, >> NULL ); der_dn->bv_val = xn->bytes->data; >> #else >> @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct >> berval return LDAP_INVALID_CREDENTIALS; >> >> xn = X509_get_subject_name(x); >> -#if OPENSSL_VERSION_NUMBER < 0x10100000 >> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || >> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len = i2d_X509_NAME( xn, >> NULL ); der_dn->bv_val = xn->bytes->data; >> #else >> @@ -721,7 +721,7 @@ struct tls_data { >> Sockbuf_IO_Desc *sbiod; >> }; >> >> -#if OPENSSL_VERSION_NUMBER < 0x10100000 >> +#if OPENSSL_VERSION_NUMBER < 0x10100000 || >> defined(LIBRESSL_VERSION_NUMBER) #define BIO_set_init(b, x) >> b->init = x #define BIO_set_data(b, x) b->ptr = x >> #define BIO_clear_flags(b, x) b->flags &= ~(x) >> @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str ) >> return tlso_bio_write( b, str, strlen( str ) ); >> } >> >> -#if OPENSSL_VERSION_NUMBER >= 0x10100000 >> +#if OPENSSL_VERSION_NUMBER >= 0x10100000 >> && !defined(LIBRESSL_VERSION_NUMBER) struct bio_method_st { >> int type; >> const char *name; >> >> >> > > -- pozdrawiam / with regards Paweł Pękala
See also ITS#7978, ITS#8445
changed notes moved from Incoming to Software Enhancements
*** This issue has been marked as a duplicate of issue 7978 ***