Re: (ITS#8353) OpenLDAP won't compile with OpenSSL 1.1.X
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8353) OpenLDAP won't compile with OpenSSL 1.1.X
- From: hyc@symas.com
- Date: Fri, 22 Jan 2016 17:23:17 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
m-oldap@bodyfour.uk wrote:
> Full_Name: Mitchell Blank
> Version: 2.4.43
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (80.169.198.86)
>
>
> Recently a couple alpha releases for OpenSSL 1.1.X have been posted on
> www.openssl.org with the request that software be tested against them prior to
> release.
Thanks for the report. There are clearly 2 issues the OpenSSL folks will have
to resolve before this will work.
https://mta.openssl.org/pipermail/openssl-dev/2016-January/004362.html
https://mta.openssl.org/pipermail/openssl-dev/2016-January/004365.html
>
> I tried compiling the most recent OpenLDAP against it, but it failed. One of
> the overarching changes that OpenSSL is making is that many of its datatypes are
> now only visible as opaque pointers (in other words, their layout and size are
> considered private to OpenSSL itself)
>
> This caused the following compile errors in tls_o.c:
>
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_ctx_ref’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:199:20: error: dereferencing pointer to incomplete type
>> CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
>> ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_my_dn’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:451:21: error: dereferencing pointer to incomplete type
>> der_dn->bv_val = xn->bytes->data;
>> ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_peer_dn’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:478:21: error: dereferencing pointer to incomplete type
>> der_dn->bv_val = xn->bytes->data;
>> ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_chkhost’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:618:21: error: dereferencing pointer to incomplete type
>> if ( !OBJ_cmp( ne->object, obj )) {
>> ^
>
>
> The last one can probably be replaced with a X509_NAME_ENTRY_get_object() call.
> I don't know enough about the X509_NAME API to know how to fix the ->bytes->data
> ones.
>
> For what it's worth, there were also a couple deprecated warnings:
>
>> openldap-2.4.43/libraries/libldap/tls_o.c:179:2: warning: ‘ERR_remove_state’ is deprecated
>> openldap-2.4.43/libraries/libldap/tls_o.c:1251:3: warning: ‘DH_generate_parameters’ is deprecated
>
> Right now this isn't super urgent, but within a couple months OpenSSL 1.1.0 is
> expected to be released and suddenly a lot more people will be hitting this
> issue.
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/