
(ITS#8809) tls_o failure when linking to OpenSSL 1.0.2 with "no-deprecated" compile flag



Full_Name: Quanah Gibson-Mount
Version: HEAD
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)


When attempting to link OpenLDAP to OpenSSL 1.0.2 series, where OpenSSL has been
built with deprecated APIs disabled, the build will fail.  This is because
RSA_F4 is deprecated in 1.0.2.  In master, this is around line 1367:

#if OPENSSL_VERSION_NUMBER < 0x10100000
static RSA *
tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
{
    RSA *tmp_rsa;
    /* FIXME:  Pregenerate the key on startup */
    /* FIXME:  Who frees the key? */
#if OPENSSL_VERSION_NUMBER >= 0x00908000
    BIGNUM *bn = BN_new();
    tmp_rsa = NULL;
    if ( bn ) {
        if ( BN_set_word( bn, RSA_F4 )) {
            tmp_rsa = RSA_new();
            if ( tmp_rsa && !RSA_generate_key_ex( tmp_rsa, key_length, bn, NULL )) {
                RSA_free( tmp_rsa );
                tmp_rsa = NULL;
            }
        }
        BN_free( bn );
    }
#else
    tmp_rsa = RSA_generate_key( key_length, RSA_F4, NULL, NULL );
#endif

    if ( !tmp_rsa ) {
        Debug( LDAP_DEBUG_ANY,
            "TLS: Failed to generate temporary %d-bit %s RSA key\n",
            key_length, is_export ? "export" : "domestic", 0 );
    }
    return tmp_rsa;
}
#endif /* OPENSSL_VERSION_NUMBER < 1.1 */


This function needs to check < 1.0.2 rather than < 1.1.
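To make the proposed guard change easy to check, here is an added example (not code from the ITS report, OpenLDAP or OpenSSL) that decodes the hex OPENSSL_VERSION_NUMBER format used in the guards above and evaluates both the current "< 1.1" condition and the proposed "< 1.0.2" condition against a few constructed release numbers. It assumes the pre-3.0 OpenSSL encoding 0xMNNFFPPS (major, minor, fix, patch, status); the sample version values and the helper names are constructed for the illustration.

```c
/* Added example: decode OPENSSL_VERSION_NUMBER-style values and evaluate
 * the tls_o.c guards against them. Not code from OpenLDAP or OpenSSL. */
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OpenSSL encodes a version as 0xMNNFFPPS:
 * M = major, NN = minor, FF = fix, PP = patch letter (0 = none), S = status
 * (0xf = release). So 0x10100000 is 1.1.0-dev and 0x1000200f is 1.0.2 release. */
struct ossl_version {
    unsigned major, minor, fix, patch, status;
};

/* Split a packed version number into its fields. */
static struct ossl_version ossl_decode(unsigned long v)
{
    struct ossl_version out;
    out.major  = (unsigned)((v >> 28) & 0xf);
    out.minor  = (unsigned)((v >> 20) & 0xff);
    out.fix    = (unsigned)((v >> 12) & 0xff);
    out.patch  = (unsigned)((v >> 4)  & 0xff);
    out.status = (unsigned)(v & 0xf);
    return out;
}

/* Guard as it stands in tls_o.c: the temp-RSA callback is compiled for < 1.1.0. */
static int tmp_rsa_cb_compiled_current(unsigned long v)
{
    return v < 0x10100000UL;
}

/* Guard the report asks for: compile the callback only for < 1.0.2. */
static int tmp_rsa_cb_compiled_proposed(unsigned long v)
{
    return v < 0x10002000UL;
}

/* Which generation API the inner #if in the callback selects. */
static const char *rsa_gen_api(unsigned long v)
{
    return v >= 0x00908000UL ? "RSA_generate_key_ex" : "RSA_generate_key";
}

int main(void)
{
    /* Constructed sample release numbers: 0.9.8, 1.0.1, 1.0.2, 1.1.0 */
    const unsigned long samples[] = {
        0x0090800fUL, 0x1000100fUL, 0x1000200fUL, 0x1010000fUL
    };
    size_t i;

    printf("%-12s %-8s %-10s %-10s %s\n",
           "hex", "version", "cur(<1.1)", "new(<1.0.2)", "inner API");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct ossl_version ver = ossl_decode(samples[i]);
        printf("0x%08lx   %u.%u.%u    %-10s %-10s %s\n",
               samples[i], ver.major, ver.minor, ver.fix,
               tmp_rsa_cb_compiled_current(samples[i]) ? "compiled" : "skipped",
               tmp_rsa_cb_compiled_proposed(samples[i]) ? "compiled" : "skipped",
               tmp_rsa_cb_compiled_proposed(samples[i]) ? rsa_gen_api(samples[i]) : "-");
    }
    return 0;
}
```

The table makes the effect of the change visible: with the current guard a 1.0.2 build still compiles the callback and so still references RSA_F4, while with the proposed 0x10002000 bound 1.0.2 is skipped and only 0.9.8 and 1.0.1 keep it.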