[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7978) OpenLDAP 2.4 fails to build with LibreSSL

Spil Oss wrote:
> Hi Howard,
> Thanks for the pointer. --enable-lmpasswd was indeed enabled in the
> FreeBSD port. Notifying maintainer of port to switch it off and
> provided a patch for the port.
> Hope the patch I created for OpenLDAP is usable after all! Deprecated
> code in a function that should not be used, would it not be better to
> remove it completely? (or is that violating the RFCs?)

Very likely we should remove it. Will queue that up for 2.5. 2.4 is 
end-of-life and feature-frozen so nothing will be added or removed from it.

> Kind regards,
> Bernard.
> On Wed, Nov 5, 2014 at 5:48 PM, Howard Chu <hyc@symas.com> wrote:
>> spil.oss@gmail.com wrote:
>>> Full_Name: Bernard Spil
>>> Version: 2.4.40
>>> OS: FreeBSD 10.1-RC2
>>> URL: ftp://ftp.openldap.org/incoming/
>>> Submission from: (NULL) (
>>> When compiling OpenLDAP against the LibreSSL OpenSSL fork, compilation
>>> fails
>>> because deprecated types and functions are used. These types and functions
>>> have
>>> been marked deprecated by OpenSSL since 2002 and moved from des.h to
>>> des_old.h.
>>> LibreSSL removed these deprecated types and functions in April 2014 see
>>> https://github.com/libressl-portable/openbsd/commit/e0d211052a6946b9f8af1123278f89a8403ef960
>>>>  From the make output:
>> It appears you're compiling with the old LANMAN hash support. Nobody should
>> be using LANMAN any more, it's trivially insecure. I'm inclined to ignore
>> this ITS.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/