[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8687) openldap fails to link w/ openssl 1.1 built w/ no-egd

Full_Name: Daniel Jonathan Kurtz
Version: 2.4.45
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2401:fa00:1:b:dcfc:ce39:b80:8f26)

openldap 2.4.45 fails to link when built against openssl 1.1 built w/ the
default "no-egd" option:

libtool: link: x86_64-cros-linux-gnu-clang -O2 -pipe -O2 -pipe -march=corei7 -g
-fno-exceptions -fno-unwind-tables -fno-asynchronous-unwind-tables -clang-syntax
-Wl,-O1 -Wl,-O2 -Wl,--as-needed -o .libs/ltest test.o  ./.libs/libldap.so
libraries/liblber/.libs/liblber.so ../../libraries/liblber/.libs/liblber.so
../../libraries/liblutil/liblutil.a -lssl -lcrypto -lresolv
./.libs/libldap.so: error: undefined reference to 'RAND_egd'

RAND_egd does not exist because OpenSSL was built with the default settings
which, as of 1.1, has "EGD" disabled by default [0].

[0] 0423f812dc Add a no-egd option to disable EGD-related code

  *) EGD is no longer supported by default; use enable-egd when
     [Ben Kaduv and Rich Salz]

The RAND_egd reference is in libraries/libldap/tls_o.c:

static int
tlso_seed_PRNG( const char *randfile )
	/* no /dev/urandom (or equiv) */
	long total=0;
	char buffer[MAXPATHLEN];

	if (randfile == NULL) {
		/* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
		 * If $HOME is not set or buffer too small to hold the pathname,
		 * an error occurs.	- From RAND_file_name() man page.
		 * The fact is that when $HOME is NULL, .rnd is used.
		randfile = RAND_file_name( buffer, sizeof( buffer ) );

	} else if (RAND_egd(randfile) > 0) {
		/* EGD socket */
		return 0;

	if (randfile == NULL) {
			"TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
			0, 0, 0);
		return -1;

It seems like we should be able to make the "else if (RAND_egd(randfile) > 0)"
block conditional on "#if !defined(OPENSSL_NO_EGD)" to work around this issue