[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP uses crypt() of OpenSSL instead of system libraries (ITS#2123)



I know I'm going to annoy some people by saying this, I apologize in 
advance.  But this is definately an OpenLDAP bug.

It is entirely reseanable for two libraries to export the same function 
name.  It is up to OpenLDAP's build environment to make sure it gets the 
function it expects.  Maybe by specifying the library link order.

There should be an easier way to do this that to patch OpenSSL.

How about the solution he suggested? ie. -lcrypt before -lcrypto in the 
makefiles

We could also specify -lc before -lcrypto for platforms without a 
libcrypt maybe.

--Kervin


hyc@highlandsun.com wrote:
> The OpenSSL library is defective. See the FAQ-o-Matic.
> http://www.openldap.org/faq/data/cache/185.html
> 
> This is not an OpenLDAP bug, this issue will be closed.
> 
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support 
> 
> 
>>-----Original Message-----
>>From: owner-openldap-bugs@OpenLDAP.org
>>[mailto:owner-openldap-bugs@OpenLDAP.org]On Behalf Of ast@domdv.de
>>Sent: Thursday, October 03, 2002 3:29 AM
>>To: openldap-its@OpenLDAP.org
>>Subject: OpenLDAP uses crypt() of OpenSSL instead of system libraries
>>(ITS#2123)
>>
>>
>>Full_Name: Andreas Steinmetz
>>Version: 2.1.5
>>OS: Linux 2.4
>>URL: 
>>Submission from: (NULL) (217.229.56.110)
>>
>>
>>Description:
>>
>>OpenLDAP links against OpenSSL (-lcrypto) without prior 
>>linking against the
>>proper system library (-lcrypt) so the crypt() function of 
>>OpenSSL is used
>>instad of the system crypt() function.
>>
>>Problem:
>>
>>Unfortunately the OpenSSL crypt() function does not handle 
>>MD5 passwords as does
>>the system crypt() function (part of glibc 2.2.5). Thus 
>>transparent migration to
>>OpenLDAP from Shadow or NIS will fail for all more modern 
>>installations as the
>>user passwords are not processed correctly.
>>
>>Solution:
>>
>>Assert to link against -lcrypt prior to linking against 
>>-lcrypto on systems
>>which do have an explicit crypt library, i.e. include 
>>LUTIL_LIBS for linking
>>(seems to be defined but ignored) and do it before including TLS_LIBS.
>>
>>
> 
> 
> 
>