[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8445) LibreSSL v2.4 compile

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8445) LibreSSL v2.4 compile
From: hyc@symas.com
Date: Mon, 20 Jun 2016 16:40:10 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Connor Taffe wrote:
> Good point,
>
>   I was assuming that LibreSSL was focused on only maintaining compatibility
> with v1.0.1 though, as they've created their own libtls for future programs.
>
> Git grep didn't show anything in the v2.4.1 portable repo.
> The v1.1 API is still in pre-release it looks like, and the relevant functions
> have
> only been in OpenSSL since January and March respectively according to git.
> In fact LibreSSL has had only a handful of commits this year in portable,
> mostly focused on building with cmake and some fixes, but no API additions.
>
> Neither function is available in the -current OpenBSD cvs tree either.
>
> I've emailed libressl@openbsd.org <mailto:libressl@openbsd.org> to inquire
> further.

Thanks. In the meantime I think the sane thing to do is just invert the 
current #if. Swap the code so it's

#if OPENSSL_VERSION_NUMBER >= 0x01010000
   new stuff
#else
   old stuff
#endif

then we can ignore this until LibreSSL catches up.
>
> On Mon, Jun 20, 2016 at 1:38 AM Howard Chu <hyc@symas.com
> <mailto:hyc@symas.com>> wrote:
>
>     Connor Taffe wrote:
>      > Fixed, attached is a patch.
>
>     I'm a bit concerned that you're only checking for the existence of LIBRESSL
>     instead of actually comparing the version number. Since the OpenSSL change is
>     based on their v1.1 API, do you know if/when LibreSSL plans to adopt the
>     new API?
>
>      > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc@symas.com
>     <mailto:hyc@symas.com>
>      > <mailto:hyc@symas.com <mailto:hyc@symas.com>>> wrote:
>      >
>      > cpaynetaffe@gmail.com <mailto:cpaynetaffe@gmail.com>
>     <mailto:cpaynetaffe@gmail.com <mailto:cpaynetaffe@gmail.com>> wrote:
>      >      > Full_Name: Connor Taffe
>      >      > Version: master
>      >      > OS: Ubuntu devel
>      >      > URL: ftp://ftp.openldap.org/incoming/
>      >      > Submission from: (NULL) (50.25.160.41)
>      >      >
>      >      >
>      >      > Compiling against LibreSSL v2.4.1 failed linking with
>     SSL_CTX_up_ref and
>      >      > X509_NAME_get0_der undefined. I added checking if
>      >     LIBRESSL_VERSION_NUMBER to the
>      >      > same conditional compilation ifs that are defined for old
>     versions of
>      >     OpenSSL.
>      >      >
>      >      > https://github.com/cptaffe/openldap
>      >
>      >     Please read the Developer Guidelines. I'm not going to pull an
>     arbitrary repo
>      >     to find someone's patch.
>      >
>      > http://www.openldap.org/devel/contributing.html
>      >
>      >     --
>      >         -- Howard Chu
>      >         CTO, Symas Corp. http://www.symas.com
>      >         Director, Highland Sun http://highlandsun.com/hyc/
>      >         Chief Architect, OpenLDAP http://www.openldap.org/project/
>      >
>
>
>     --
>         -- Howard Chu
>         CTO, Symas Corp. http://www.symas.com
>         Director, Highland Sun http://highlandsun.com/hyc/
>         Chief Architect, OpenLDAP http://www.openldap.org/project/
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#8446) Various bug fixes for the async-meta backend
Next by Date: Re: (ITS#8445) LibreSSL v2.4 compile
Index(es):
- Chronological
- Thread