[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8353) OpenLDAP won't compile with OpenSSL 1.1.X

To: openldap-its@OpenLDAP.org
Subject: (ITS#8353) OpenLDAP won't compile with OpenSSL 1.1.X
From: m-oldap@bodyfour.uk
Date: Wed, 20 Jan 2016 18:37:26 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Mitchell Blank
Version: 2.4.43
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (80.169.198.86)


Recently a couple alpha releases for OpenSSL 1.1.X have been posted on
www.openssl.org with the request that software be tested against them prior to
release.

I tried compiling the most recent OpenLDAP against it, but it failed.  One of
the overarching changes that OpenSSL is making is that many of its datatypes are
now only visible as opaque pointers (in other words, their layout and size are
considered private to OpenSSL itself)

This caused the following compile errors in tls_o.c:

> openldap-2.4.43/libraries/libldap/tls_o.c: In function ?tlso_ctx_ref?:
> openldap-2.4.43/libraries/libldap/tls_o.c:199:20: error: dereferencing pointer
to incomplete type
>  CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
>                    ^
> openldap-2.4.43/libraries/libldap/tls_o.c: In function ?tlso_session_my_dn?:
> openldap-2.4.43/libraries/libldap/tls_o.c:451:21: error: dereferencing pointer
to incomplete type
  der_dn->bv_val = xn->bytes->data;
>                    ^
> openldap-2.4.43/libraries/libldap/tls_o.c: In function
?tlso_session_peer_dn?:
> openldap-2.4.43/libraries/libldap/tls_o.c:478:21: error: dereferencing pointer
to incomplete type
  der_dn->bv_val = xn->bytes->data;
>                      ^
> openldap-2.4.43/libraries/libldap/tls_o.c: In function
?tlso_session_chkhost?:
> openldap-2.4.43/libraries/libldap/tls_o.c:618:21: error: dereferencing pointer
to incomplete type
>   if ( !OBJ_cmp( ne->object, obj )) {
>                      ^


The last one can probably be replaced with a X509_NAME_ENTRY_get_object() call. 
I don't know enough about the X509_NAME API to know how to fix the ->bytes->data
ones.

For what it's worth, there were also a couple deprecated warnings:

> openldap-2.4.43/libraries/libldap/tls_o.c:179:2: warning: ?ERR_remove_state?
is deprecated 
> openldap-2.4.43/libraries/libldap/tls_o.c:1251:3: warning:
?DH_generate_parameters? is deprecated

Right now this isn't super urgency, but within a couple months OpenSSL 1.1.0 is
expected to be released and suddenly a lot more people will be hitting this
issue.

Prev by Date: Re: (ITS#8326) failure to start due to pwdMaxRecordedFailure
Next by Date: (ITS#8354) syncprov segv
Index(es):
- Chronological
- Thread