[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7978) OpenLDAP 2.4 fails to build with LibreSSL
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7978) OpenLDAP 2.4 fails to build with LibreSSL
- From: hyc@symas.com
- Date: Wed, 05 Nov 2014 20:35:06 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Spil Oss wrote:
> Hi Howard,
>
> Thanks for the pointer. --enable-lmpasswd was indeed enabled in the
> FreeBSD port. Notifying maintainer of port to switch it off and
> provided a patch for the port.
> Hope the patch I created for OpenLDAP is usable after all! Deprecated
> code in a function that should not be used, would it not be better to
> remove it completely? (or is that violating the RFCs?)
Very likely we should remove it. Will queue that up for 2.5. 2.4 is
end-of-life and feature-frozen so nothing will be added or removed from it.
> Kind regards,
>
> Bernard.
>
> On Wed, Nov 5, 2014 at 5:48 PM, Howard Chu <hyc@symas.com> wrote:
>> spil.oss@gmail.com wrote:
>>>
>>> Full_Name: Bernard Spil
>>> Version: 2.4.40
>>> OS: FreeBSD 10.1-RC2
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (185.9.255.20)
>>>
>>>
>>> When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation
>>> fails
>>> because deprecated types and functions are used. These types and functions
>>> have
>>> been marked deprecated by OpenSSL since 2002 and moved from des.h to
>>> des_old.h.
>>> LibreSSL removed these deprecated types and functions in April 2014 see
>>>
>>> https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960
>>>
>>>> From the make output:
>>
>>
>> It appears you're compiling with the old LANMAN hash support. Nobody should
>> be using LANMAN any more, it's trivially insecure. I'm inclined to ignore
>> this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/