[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8666) Fix build with LibreSSL
Hi Howard,
On 2017-06-05 17:03 +0100, Howard Chu <hyc@symas.com> wrote:
>pawel@FreeBSD.org wrote:
>> Full_Name: Pawe&#322; P&#281;kala
>> Version: 2.4.45
>> OS: FreeBSD 12-CURRENT
>> URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219781
>> Submission from: (NULL) (62.141.192.76)
>> =20
>
>No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros,
>especially if it doesn't actually implement the features of those
>versions.
>
First off let me clarify first that I'm not representing LibreSSL
project, this is my opinion as a outsider. From my point of view they
are keeping OPENSSL_VERSION_NUMBER for backwards compatibility not
forwards, from their openssl/opensslv.h:
* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x2050400fL
#define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.4"
/* These will never change */
#define OPENSSL_VERSION_NUMBER 0x20000000L
>> Latest version fails to build with LibreSSL. Following patch fixes
>> issue for me:
>>
>> --- libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC
>> +++ libraries/libldap/tls_o.c
>> @@ -47,7 +47,7 @@
>> #include <ssl.h>
>> #endif
>>
>> -#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> +#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> && !defined(LIBRESSL_VERSION_NUMBER) #define
>> ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #endif
>>
>> @@ -157,7 +157,7 @@ tlso_init( void )
>> (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
>> #endif
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings();
>> SSL_library_init();
>> OpenSSL_add_all_digests();
>> @@ -205,7 +205,7 @@ static void
>> tlso_ctx_ref( tls_ctx *ctx )
>> {
>> tlso_ctx *c =3D (tlso_ctx *)ctx;
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) #define
>> SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1,
>> CRYPTO_LOCK_SSL_CTX ) #endif
>> SSL_CTX_up_ref( c );
>> @@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct
>> berval * if (!x) return LDAP_INVALID_CREDENTIALS;
>> =09
>> xn =3D X509_get_subject_name(x);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len =3D i2d_X509_NAME( xn,
>> NULL ); der_dn->bv_val =3D xn->bytes->data;
>> #else
>> @@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct
>> berval return LDAP_INVALID_CREDENTIALS;
>>
>> xn =3D X509_get_subject_name(x);
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len =3D i2d_X509_NAME( xn,
>> NULL ); der_dn->bv_val =3D xn->bytes->data;
>> #else
>> @@ -721,7 +721,7 @@ struct tls_data {
>> Sockbuf_IO_Desc *sbiod;
>> };
>>
>> -#if OPENSSL_VERSION_NUMBER < 0x10100000
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
>> defined(LIBRESSL_VERSION_NUMBER) #define BIO_set_init(b, x)
>> b->init =3D x #define BIO_set_data(b, x) b->ptr =3D x
>> #define BIO_clear_flags(b, x) b->flags &=3D ~(x)
>> @@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
>> return tlso_bio_write( b, str, strlen( str ) );
>> }
>>
>> -#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> +#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
>> && !defined(LIBRESSL_VERSION_NUMBER) struct bio_method_st {
>> int type;
>> const char *name;
>>
>>
>> =20
>
>
--=20
pozdrawiam / with regards
Pawe=C5=82 P=C4=99kala