[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: (ITS#8445) LibreSSL v2.4 compile

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8445) LibreSSL v2.4 compile
From: cpaynetaffe@gmail.com
Date: Mon, 20 Jun 2016 17:13:55 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)
--001a113eeb0accaf2b0535b8d348
Content-Type: text/plain; charset=UTF-8

Unfortunately LibreSSL defines OPENSSL_VERSION_NUBMER as 0x02000000.

On Mon, Jun 20, 2016 at 11:40 AM Howard Chu <hyc@symas.com> wrote:

> Connor Taffe wrote:
> > Good point,
> >
> >   I was assuming that LibreSSL was focused on only maintaining
> compatibility
> > with v1.0.1 though, as they've created their own libtls for future
> programs.
> >
> > Git grep didn't show anything in the v2.4.1 portable repo.
> > The v1.1 API is still in pre-release it looks like, and the relevant
> functions
> > have
> > only been in OpenSSL since January and March respectively according to
> git.
> > In fact LibreSSL has had only a handful of commits this year in portable,
> > mostly focused on building with cmake and some fixes, but no API
> additions.
> >
> > Neither function is available in the -current OpenBSD cvs tree either.
> >
> > I've emailed libressl@openbsd.org <mailto:libressl@openbsd.org> to
> inquire
> > further.
>
> Thanks. In the meantime I think the sane thing to do is just invert the
> current #if. Swap the code so it's
>
> #if OPENSSL_VERSION_NUMBER >= 0x01010000
>    new stuff
> #else
>    old stuff
> #endif
>
> then we can ignore this until LibreSSL catches up.
> >
> > On Mon, Jun 20, 2016 at 1:38 AM Howard Chu <hyc@symas.com
> > <mailto:hyc@symas.com>> wrote:
> >
> >     Connor Taffe wrote:
> >      > Fixed, attached is a patch.
> >
> >     I'm a bit concerned that you're only checking for the existence of
> LIBRESSL
> >     instead of actually comparing the version number. Since the OpenSSL
> change is
> >     based on their v1.1 API, do you know if/when LibreSSL plans to adopt
> the
> >     new API?
> >
> >      > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc@symas.com
> >     <mailto:hyc@symas.com>
> >      > <mailto:hyc@symas.com <mailto:hyc@symas.com>>> wrote:
> >      >
> >      > cpaynetaffe@gmail.com <mailto:cpaynetaffe@gmail.com>
> >     <mailto:cpaynetaffe@gmail.com <mailto:cpaynetaffe@gmail.com>> wrote:
> >      >      > Full_Name: Connor Taffe
> >      >      > Version: master
> >      >      > OS: Ubuntu devel
> >      >      > URL: ftp://ftp.openldap.org/incoming/
> >      >      > Submission from: (NULL) (50.25.160.41)
> >      >      >
> >      >      >
> >      >      > Compiling against LibreSSL v2.4.1 failed linking with
> >     SSL_CTX_up_ref and
> >      >      > X509_NAME_get0_der undefined. I added checking if
> >      >     LIBRESSL_VERSION_NUMBER to the
> >      >      > same conditional compilation ifs that are defined for old
> >     versions of
> >      >     OpenSSL.
> >      >      >
> >      >      > https://github.com/cptaffe/openldap
> >      >
> >      >     Please read the Developer Guidelines. I'm not going to pull an
> >     arbitrary repo
> >      >     to find someone's patch.
> >      >
> >      > http://www.openldap.org/devel/contributing.html
> >      >
> >      >     --
> >      >         -- Howard Chu
> >      >         CTO, Symas Corp. http://www.symas.com
> >      >         Director, Highland Sun http://highlandsun.com/hyc/
> >      >         Chief Architect, OpenLDAP
> http://www.openldap.org/project/
> >      >
> >
> >
> >     --
> >         -- Howard Chu
> >         CTO, Symas Corp. http://www.symas.com
> >         Director, Highland Sun http://highlandsun.com/hyc/
> >         Chief Architect, OpenLDAP http://www.openldap.org/project/
> >
>
>
> --
>    -- Howard Chu
>    CTO, Symas Corp.           http://www.symas.com
>    Director, Highland Sun     http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>

--001a113eeb0accaf2b0535b8d348
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Unfortunately LibreSSL defines OPENSSL_VERSION_NUBMER=
 as=C2=A0<span style=3D"color:rgb(33,33,33);font-family:&#39;helvetica neue=
&#39;,helvetica,arial,sans-serif">0x02000000.</span></div></div><br><div cl=
ass=3D"gmail_quote"><div dir=3D"ltr">On Mon, Jun 20, 2016 at 11:40 AM Howar=
d Chu &lt;<a href=3D"mailto:hyc@symas.com";>hyc@symas.com</a>&gt; wrote:<br>=
</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-l=
eft:1px #ccc solid;padding-left:1ex">Connor Taffe wrote:<br>
&gt; Good point,<br>
&gt;<br>
&gt;=C2=A0 =C2=A0I was assuming that LibreSSL was focused on only maintaini=
ng compatibility<br>
&gt; with v1.0.1 though, as they&#39;ve created their own libtls for future=
 programs.<br>
&gt;<br>
&gt; Git grep didn&#39;t show anything in the v2.4.1 portable repo.<br>
&gt; The v1.1 API is still in pre-release it looks like, and the relevant f=
unctions<br>
&gt; have<br>
&gt; only been in OpenSSL since January and March respectively according to=
 git.<br>
&gt; In fact LibreSSL has had only a handful of commits this year in portab=
le,<br>
&gt; mostly focused on building with cmake and some fixes, but no API addit=
ions.<br>
&gt;<br>
&gt; Neither function is available in the -current OpenBSD cvs tree either.=
<br>
&gt;<br>
&gt; I&#39;ve emailed <a href=3D"mailto:libressl@openbsd.org"; target=3D"_bl=
ank">libressl@openbsd.org</a> &lt;mailto:<a href=3D"mailto:libressl@openbsd=
.org" target=3D"_blank">libressl@openbsd.org</a>&gt; to inquire<br>
&gt; further.<br>
<br>
Thanks. In the meantime I think the sane thing to do is just invert the<br>
current #if. Swap the code so it&#39;s<br>
<br>
#if OPENSSL_VERSION_NUMBER &gt;=3D 0x01010000<br>
=C2=A0 =C2=A0new stuff<br>
#else<br>
=C2=A0 =C2=A0old stuff<br>
#endif<br>
<br>
then we can ignore this until LibreSSL catches up.<br>
&gt;<br>
&gt; On Mon, Jun 20, 2016 at 1:38 AM Howard Chu &lt;<a href=3D"mailto:hyc@s=
ymas.com" target=3D"_blank">hyc@symas.com</a><br>
&gt; &lt;mailto:<a href=3D"mailto:hyc@symas.com"; target=3D"_blank">hyc@syma=
s.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0Connor Taffe wrote:<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt; Fixed, attached is a patch.<br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0I&#39;m a bit concerned that you&#39;re only checki=
ng for the existence of LIBRESSL<br>
&gt;=C2=A0 =C2=A0 =C2=A0instead of actually comparing the version number. S=
ince the OpenSSL change is<br>
&gt;=C2=A0 =C2=A0 =C2=A0based on their v1.1 API, do you know if/when LibreS=
SL plans to adopt the<br>
&gt;=C2=A0 =C2=A0 =C2=A0new API?<br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt; On Sun, Jun 19, 2016 at 8:02 PM Howard Chu &l=
t;<a href=3D"mailto:hyc@symas.com"; target=3D"_blank">hyc@symas.com</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0&lt;mailto:<a href=3D"mailto:hyc@symas.com"; target=
=3D"_blank">hyc@symas.com</a>&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt; &lt;mailto:<a href=3D"mailto:hyc@symas.com"; t=
arget=3D"_blank">hyc@symas.com</a> &lt;mailto:<a href=3D"mailto:hyc@symas.c=
om" target=3D"_blank">hyc@symas.com</a>&gt;&gt;&gt; wrote:<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt; <a href=3D"mailto:cpaynetaffe@gmail.com"; targ=
et=3D"_blank">cpaynetaffe@gmail.com</a> &lt;mailto:<a href=3D"mailto:cpayne=
taffe@gmail.com" target=3D"_blank">cpaynetaffe@gmail.com</a>&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0&lt;mailto:<a href=3D"mailto:cpaynetaffe@gmail.com"=
 target=3D"_blank">cpaynetaffe@gmail.com</a> &lt;mailto:<a href=3D"mailto:c=
paynetaffe@gmail.com" target=3D"_blank">cpaynetaffe@gmail.com</a>&gt;&gt; w=
rote:<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; Full_Name: Connor Ta=
ffe<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; Version: master<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; OS: Ubuntu devel<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; URL: <a href=3D"ftp:=
//ftp.openldap.org/incoming/" rel=3D"noreferrer" target=3D"_blank">ftp://ft=
p.openldap.org/incoming/</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; Submission from: (NU=
LL) (50.25.160.41)<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; Compiling against Li=
breSSL v2.4.1 failed linking with<br>
&gt;=C2=A0 =C2=A0 =C2=A0SSL_CTX_up_ref and<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; X509_NAME_get0_der u=
ndefined. I added checking if<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0LIBRESSL_VERSION_NUMBER to=
 the<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; same conditional com=
pilation ifs that are defined for old<br>
&gt;=C2=A0 =C2=A0 =C2=A0versions of<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0OpenSSL.<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 &gt; <a href=3D"https://g=
ithub.com/cptaffe/openldap" rel=3D"noreferrer" target=3D"_blank">https://gi=
thub.com/cptaffe/openldap</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0Please read the Developer =
Guidelines. I&#39;m not going to pull an<br>
&gt;=C2=A0 =C2=A0 =C2=A0arbitrary repo<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0to find someone&#39;s patc=
h.<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt; <a href=3D"http://www.openldap.org/devel/cont=
ributing.html" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org=
/devel/contributing.html</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0--<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Howard Ch=
u<br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0CTO, Symas C=
orp. <a href=3D"http://www.symas.com"; rel=3D"noreferrer" target=3D"_blank">=
http://www.symas.com</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Director, Hi=
ghland Sun <a href=3D"http://highlandsun.com/hyc/"; rel=3D"noreferrer" targe=
t=3D"_blank">http://highlandsun.com/hyc/</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Chief Archit=
ect, OpenLDAP <a href=3D"http://www.openldap.org/project/"; rel=3D"noreferre=
r" target=3D"_blank">http://www.openldap.org/project/</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 &gt;<br>
&gt;<br>
&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0--<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Howard Chu<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0CTO, Symas Corp. <a href=3D"http://ww=
w.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www.symas.com</a><=
br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Director, Highland Sun <a href=3D"htt=
p://highlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highl=
andsun.com/hyc/</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Chief Architect, OpenLDAP <a href=3D"=
http://www.openldap.org/project/"; rel=3D"noreferrer" target=3D"_blank">http=
://www.openldap.org/project/</a><br>
&gt;<br>
<br>
<br>
--<br>
=C2=A0 =C2=A0-- Howard Chu<br>
=C2=A0 =C2=A0CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a hr=
ef=3D"http://www.symas.com"; rel=3D"noreferrer" target=3D"_blank">http://www=
.symas.com</a><br>
=C2=A0 =C2=A0Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://hi=
ghlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun=
.com/hyc/</a><br>
=C2=A0 =C2=A0Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap=
.org/project/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org=
/project/</a><br>
</blockquote></div>

--001a113eeb0accaf2b0535b8d348--
Prev by Date: Re: (ITS#8445) LibreSSL v2.4 compile
Next by Date: (ITS#8447) LMDB: Overwriting values in MDB_DUPSORT databases broken
Index(es):
- Chronological
- Thread