[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8791) OpenSSL 1.1.1 compat issue

bbaetz@google.com wrote:
> Full_Name: Bradley Baetz
> Version: 2.4.45
> OS: linux
> URL: ftp://ftp.openldap.org/incoming/bradley-baetz-20171214.patch
> Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)

Thanks for the patch. The initialization of the static tlso_bio_method is 
racy. One-time initializations should be done in tlso_init, and the allocated 
memory should be freed in tlso_destroy.

> ITS#8533 added support for the OpenSSL's hiding of the bio_method_st struct.
> However, it did this by re-defining the now-private structure, using the OpenSSL
> 1.0 version. That will fail when OpenSSL changes their structure, which they
> have already done for v1.1.1 - see
> https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=include/internal/bio.h;hb=e1dd8fa00a1e06d27c8b024dac7657a8d8a9b451#l16
> It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUMBER define,
> but has not yet hidden the struct definition.
> The attached file is derived from OpenLDAP Software. All of the modifications to
> OpenLDAP Software represented in the following patch(es) were developed by
> Google, LLC. Google, LLC has not assigned rights and/or interest in this work to
> any party. I, Bradley Baetz am authorized by Google, LLC, my employer, to
> release this work under the following terms.
> The attached modifications to OpenLDAP Software are subject to the following
> notice:
> Copyright 2017 Google, LLC.
> Redistribution and use in source and binary forms, with or without modification,
> are permitted only as authorized by the OpenLDAP Public License.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/