
Re: (ITS#8353) OpenLDAP won't compile with OpenSSL 1.1.X



m-oldap@bodyfour.uk wrote:
> Full_Name: Mitchell Blank
> Version: 2.4.43
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (80.169.198.86)
>
>
> Recently a couple alpha releases for OpenSSL 1.1.X have been posted on
> www.openssl.org with the request that software be tested against them prior to
> release.

Thanks for the report. There are clearly 2 issues the OpenSSL folks will have 
to resolve before this will work.

https://mta.openssl.org/pipermail/openssl-dev/2016-January/004362.html
https://mta.openssl.org/pipermail/openssl-dev/2016-January/004365.html

>
> I tried compiling the most recent OpenLDAP against it, but it failed.  One of
> the overarching changes that OpenSSL is making is that many of its datatypes are
> now only visible as opaque pointers (in other words, their layout and size are
> considered private to OpenSSL itself)
>
> This caused the following compile errors in tls_o.c:
>
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_ctx_ref’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:199:20: error: dereferencing pointer to incomplete type
>>   CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX );
>>                     ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_my_dn’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:451:21: error: dereferencing pointer to incomplete type
>>    der_dn->bv_val = xn->bytes->data;
>>                     ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_peer_dn’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:478:21: error: dereferencing pointer to incomplete type
>>    der_dn->bv_val = xn->bytes->data;
>>                       ^
>> openldap-2.4.43/libraries/libldap/tls_o.c: In function ‘tlso_session_chkhost’:
>> openldap-2.4.43/libraries/libldap/tls_o.c:618:21: error: dereferencing pointer to incomplete type
>>    if ( !OBJ_cmp( ne->object, obj )) {
>>                       ^
>
>
> The last one can probably be replaced with an X509_NAME_ENTRY_get_object() call.
> I don't know enough about the X509_NAME API to know how to fix the ->bytes->data
> ones.
>
> For what it's worth, there were also a couple deprecated warnings:
>
>> openldap-2.4.43/libraries/libldap/tls_o.c:179:2: warning: ‘ERR_remove_state’ is deprecated
>> openldap-2.4.43/libraries/libldap/tls_o.c:1251:3: warning: ‘DH_generate_parameters’ is deprecated
>
> Right now this isn't super urgent, but within a couple months OpenSSL 1.1.0 is
> expected to be released and suddenly a lot more people will be hitting this
> issue.
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/