[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8666) Fix build with LibreSSL

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8666) Fix build with LibreSSL
From: pawel@FreeBSD.org
Date: Mon, 05 Jun 2017 16:49:21 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Hi Howard,

On 2017-06-05 17:03 +0100, Howard Chu <hyc@symas.com> wrote:
>pawel@FreeBSD.org wrote:
>> Full_Name: Pawe&amp;#322; P&amp;#281;kala
>> Version: 2.4.45
>> OS: FreeBSD 12-CURRENT
>> URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219781
>> Submission from: (NULL) (62.141.192.76)
>> =20
>
>No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros,
>especially if it doesn't actually implement the features of those
>versions.
>

First off let me clarify first that I'm not representing LibreSSL
project, this is my opinion as a outsider. From my point of view they
are keeping OPENSSL_VERSION_NUMBER for backwards compatibility not
forwards, from their openssl/opensslv.h:

* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x2050400fL
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.5.4"

/* These will never change */
#define OPENSSL_VERSION_NUMBER  0x20000000L

>> Latest version fails to build with LibreSSL. Following patch fixes
>> issue for me:
>>
>> --- libraries/libldap/tls_o.c.orig	2017-06-04 16:31:28 UTC
>> +++ libraries/libldap/tls_o.c
>> @@ -47,7 +47,7 @@
>>  #include <ssl.h>
>>  #endif
>>
>> -#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> +#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> && !defined(LIBRESSL_VERSION_NUMBER) #define
>> ASN1_STRING_data(x)	ASN1_STRING_get0_data(x) #endif
>>
>> @@ -157,7 +157,7 @@ tlso_init( void )
>>  	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
>>  #endif
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings();
>>  	SSL_library_init();
>>  	OpenSSL_add_all_digests();
>> @@ -205,7 +205,7 @@ static void
>>  tlso_ctx_ref( tls_ctx *ctx )
>>  {
>>  	tlso_ctx *c =3D (tlso_ctx *)ctx;
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) #define
>> SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1,
>> CRYPTO_LOCK_SSL_CTX ) #endif
>>  	SSL_CTX_up_ref( c );
>> @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct
>> berval * if (!x) return LDAP_INVALID_CREDENTIALS;
>>  =09
>>  	xn =3D X509_get_subject_name(x);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len =3D i2d_X509_NAME( xn,
>> NULL ); der_dn->bv_val =3D xn->bytes->data;
>>  #else
>> @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct
>> berval return LDAP_INVALID_CREDENTIALS;
>>
>>  	xn =3D X509_get_subject_name(x);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len =3D i2d_X509_NAME( xn,
>> NULL ); der_dn->bv_val =3D xn->bytes->data;
>>  #else
>> @@ -721,7 +721,7 @@ struct tls_data {
>>  	Sockbuf_IO_Desc		*sbiod;
>>  };
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) #define BIO_set_init(b, x)
>> b->init =3D x #define BIO_set_data(b, x)	b->ptr =3D x
>>  #define BIO_clear_flags(b, x)	b->flags &=3D ~(x)
>> @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
>>  	return tlso_bio_write( b, str, strlen( str ) );
>>  }
>>
>> -#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> +#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> && !defined(LIBRESSL_VERSION_NUMBER) struct bio_method_st {
>>      int type;
>>      const char *name;
>>
>>
>> =20
>
>

--=20
pozdrawiam / with regards
Pawe=C5=82 P=C4=99kala

Prev by Date: Re: (ITS#8666) Fix build with LibreSSL
Next by Date: (ITS#8668) Cache overlay, unexpected behaviour and occasional segfaults
Index(es):
- Chronological
- Thread