
Re: (ITS#8791) OpenSSL 1.1.1 compat issue



Hi Bradley,

I believe it's waiting on a review from Howard.  I also plan on throwing it 
into my scratch repo and testing when I get the time, but my primary focus 
at the moment is migrating the OpenLDAP project to new infrastructure and a 
new bug tracking system. ;)

--Quanah

--On Wednesday, January 24, 2018 10:23 PM +0000 bbaetz@google.com wrote:

> Is there anything else I need to do in order to get this committed?
>
> Bradley
>
> On Fri, 15 Dec 2017 at 12:08 Bradley Baetz <bbaetz@google.com> wrote:
>
>> Done in ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.patch
>>
>>
>> On Fri, 15 Dec 2017 at 04:36 Howard Chu <hyc@symas.com> wrote:
>>
>>> bbaetz@google.com wrote:
>>> > Full_Name: Bradley Baetz
>>> > Version: 2.4.45
>>> > OS: linux
>>> > URL: ftp://ftp.openldap.org/incoming/bradley-baetz-20171214.patch
>>> > Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)
>>>
>>> Thanks for the patch. The initialization of the static tlso_bio_method
>>> is racy. One-time initializations should be done in tlso_init, and the
>>> allocated memory should be freed in tlso_destroy.
>>>
>>> >
>>> > ITS#8533 added support for the OpenSSL's hiding of the bio_method_st
>>> > struct.
>>> >
>>> > However, it did this by re-defining the now-private structure, using
>>> > the OpenSSL 1.0 version. That will fail when OpenSSL changes their
>>> > structure, which they have already done for v1.1.1 - see
>>> > https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=include/internal/bio.h;hb=e1dd8fa00a1e06d27c8b024dac7657a8d8a9b451#l16
>>> >
>>> > It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUMBER
>>> > define, but has not yet hidden the struct definition.
>>> >
>>> > The attached file is derived from OpenLDAP Software. All of the
>>> > modifications to OpenLDAP Software represented in the following
>>> > patch(es) were developed by Google, LLC. Google, LLC has not assigned
>>> > rights and/or interest in this work to any party. I, Bradley Baetz am
>>> > authorized by Google, LLC, my employer, to release this work under the
>>> > following terms.
>>> >
>>> > The attached modifications to OpenLDAP Software are subject to the
>>> > following notice:
>>> > Copyright 2017 Google, LLC.
>>> > Redistribution and use in source and binary forms, with or without
>>> > modification, are permitted only as authorized by the OpenLDAP Public
>>> > License.
>>> >
>>> >
>>>
>>>
>>> --
>>>    -- Howard Chu
>>>    CTO, Symas Corp.           http://www.symas.com
>>>    Director, Highland Sun     http://highlandsun.com/hyc/
>>>    Chief Architect, OpenLDAP  http://www.openldap.org/project/
>>>
>>
>



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
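
The two points made in the quoted report and review (a copied private struct breaks when the library changes its layout; the method table belongs in one-time init and destroy routines), shown as an added example that is not code from the patch, OpenLDAP or OpenSSL. The `meth_*` API, both struct layouts and `app_init`/`app_destroy` are constructed stand-ins for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not OpenSSL code: a library with a private method table. */
typedef int (*io_fn)(const char *buf, int len);

/* Old-release layout, as an application might copy it into its own source. */
struct meth_v1 { int type; const char *name; io_fn bwrite; io_fn bread; };
/* New-release layout: one member inserted ahead of bwrite. */
struct meth_v2 { int type; const char *name; void *reserved; io_fn bwrite; io_fn bread; };

/* Library side, always built against its own current layout. */
typedef struct meth_v2 METH;
METH *meth_new(int type, const char *name) {
    METH *m = calloc(1, sizeof(*m));
    if (m) { m->type = type; m->name = name; }
    return m;
}
void meth_free(METH *m) { free(m); }
void meth_set_write(METH *m, io_fn fn) { m->bwrite = fn; }
int lib_write(const METH *m, const char *b, int n) { return m->bwrite ? m->bwrite(b, n) : -2; }

/* Application callbacks with distinguishable return values. */
static int app_write(const char *b, int n) { (void)b; return n; }
static int app_read(const char *b, int n) { (void)b; (void)n; return -1; }

/* Fragile: fill the copied v1 layout and let the library read those bytes. */
int write_via_copied_struct(void) {
    struct meth_v1 mine = { 1, "app", app_write, app_read };
    METH seen;
    memset(&seen, 0, sizeof(seen));
    memcpy(&seen, &mine, sizeof(mine));
    return lib_write(&seen, "abc", 3); /* on common ABIs this runs app_read */
}

/* Robust: accessors only, table built once at init and freed at destroy. */
static METH *app_method;
int app_init(void) {                 /* the role tlso_init plays in the thread */
    if ((app_method = meth_new(1, "app")) == NULL) return -1;
    meth_set_write(app_method, app_write);
    return 0;
}
void app_destroy(void) { meth_free(app_method); app_method = NULL; }
int write_via_accessors(void) { return app_method ? lib_write(app_method, "abc", 3) : -2; }

int main(void) {
    printf("copied struct: %d\n", write_via_copied_struct());
    if (app_init() == 0) printf("accessors: %d\n", write_via_accessors());
    app_destroy();
    return 0;
}
```

Because `app_method` is only written in `app_init` and `app_destroy`, no I/O path ever tests and assigns the static pointer, which is the race the review comment points at.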