
Re:Re: (ITS#8924) Installed openldap2.4.46 and openssl1.1.1, the client and server still used TLS1.2 to negotiated




Hi Quanah,

Run 'ldd /usr/local/bin/ldapsearch' on the Ubuntu client, result:
        linux-vdso.so.1 =>  (0x00007ffd6a0f2000)
        libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f659a72a000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f659a2e6000)
        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f659a0cb000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f6599d01000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f6599afd000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f659a993000)

Run 'ldd /usr/local/openldap.2.4.46/bin/ldapsearch' on Red Hat, result:
        linux-vdso.so.1 =>  (0x00007ffd959d6000)
        libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007fae80012000)
        libssl.so.10 => /lib64/libssl.so.10 (0x00007fae7fd9f000)
        libcrypto.so.10 => /lib64/libcrypto.so.10

Run 'ldd /usr/local/ssl/bin/openssl' on both, result:
        linux-vdso.so.1 =>  (0x00007ffff61fb000)
        libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007f1ca0272000)
        libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007f1c9fd8e000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f1c9fb78000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f1c9f974000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f1c9f757000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f1c9f38a000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f1ca0519000)

They do not use the same libssl.so.1.1. When I changed the Ubuntu/Red Hat libssl.so link to libssl.so.1.1 and the libcrypto.so link to libcrypto.so.1.1, and ran make on openldap.2.4.46 again, it produced an error:

cc -g -O2 -o apitest apitest.o ./.libs/libldap.a /home/openldap-soft/openldap-2.4.46/libraries/liblber/.libs/liblber.a ../../libraries/liblber/.libs/liblber.a ../../libraries/liblutil/liblutil.a -lsasl2 -lssl -lcrypto -lresolv
./.libs/libldap.a(os-ip.o): In function `ldap_pvt_is_socket_ready':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/os-ip.c:262: warning: `sys_errlist' is deprecated; use `strerror' or `strerror_r' instead
/home/openldap-soft/openldap-2.4.46/libraries/libldap/os-ip.c:262: warning: `sys_nerr' is deprecated; use `strerror' or `strerror_r' instead
./.libs/libldap.a(tls_o.o): In function `tlso_session_chkhost':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:629: undefined reference to `sk_num'
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:633: undefined reference to `sk_value'
./.libs/libldap.a(tls_o.o): In function `tlso_ctx_init':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:415: undefined reference to `SSL_CTX_set_tmp_rsa_callback'
./.libs/libldap.a(tls_o.o): In function `tlso_ca_list':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:169: undefined reference to `sk_new_null'
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:174: undefined reference to `sk_free'
./.libs/libldap.a(tls_o.o): In function `tlso_ctx_new':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:245: undefined reference to `SSLv23_method'
./.libs/libldap.a(tls_o.o): In function `tlso_destroy':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:227: undefined reference to `EVP_cleanup'
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:233: undefined reference to `ERR_free_strings'
./.libs/libldap.a(tls_o.o): In function `tlso_init':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:201: undefined reference to `SSL_load_error_strings'
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:202: undefined reference to `SSL_library_init'
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:203: undefined reference to `OpenSSL_add_all_digests'
./.libs/libldap.a(tls_o.o): In function `tlso_ctx_ref':
/home/openldap-soft/openldap-2.4.46/libraries/libldap/tls_o.c:255: undefined reference to `CRYPTO_add_lock'
collect2: error: ld returned 1 exit status
make[2]: *** [apitest] Error 1
make[2]: Leaving directory `/home/openldap-soft/openldap-2.4.46/libraries/libldap'
make[1]: *** [all-common] Error 1
make[1]: Leaving directory `/home/openldap-soft/openldap-2.4.46/libraries'
make: *** [all-common] Error 1

And we found that the openldap2.4.46 code at line 629 of libraries/libldap/tls_o.c calls sk_GENERAL_NAME_num from the openssl code. We checked the openssl1.1.1 code; it does not have sk_GENERAL_NAME_num, but it can be found in openssl1.0.



Thanks a lot,

best regards,
nancy
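
Added example, not part of the original message: a shell script that does the comparison the three ldd runs above were read for, classifying each binary by the libssl soname it loads and testing whether two binaries resolve to the same libssl file. The function names are hypothetical, the sample lines are copied from the ldd output in the message, and the soname-to-version mapping (1.0.0 and Red Hat's .10 for OpenSSL 1.0.x, 1.1 shared by 1.1.0 and 1.1.1) is stated as an assumption in the comments.

```shell
#!/bin/sh
# Added example: decide from `ldd` output whether a binary can offer TLS 1.3.
# Sample lines copied from the message above (not from a live system).
UBUNTU_LDAPSEARCH='        libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f659a72a000)
        libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f659a2e6000)'
REDHAT_LDAPSEARCH='        libsasl2.so.3 => /lib64/libsasl2.so.3 (0x00007fae80012000)
        libssl.so.10 => /lib64/libssl.so.10 (0x00007fae7fd9f000)'
LOCAL_OPENSSL='        libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007f1ca0272000)
        libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007f1c9fd8e000)'

# libssl_path: print the file libssl resolves to, from ldd output on stdin.
libssl_path() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# tls13_verdict: classify ldd output on stdin by libssl soname.
# Assumption: sonames 1.0.* and Red Hat's .10 are OpenSSL 1.0.x (no TLS 1.3);
# soname 1.1 is shared by 1.1.0 (no TLS 1.3) and 1.1.1, so the library's
# own version string still has to be checked.
tls13_verdict() {
    soname=$(awk '$1 ~ /^libssl\.so/ { print $1; exit }')
    case "$soname" in
        "")                           echo "no-libssl" ;;
        libssl.so.1.0.*|libssl.so.10) echo "no-tls13 $soname" ;;
        libssl.so.1.1)                echo "check-version $soname" ;;
        libssl.so.3)                  echo "tls13-capable $soname" ;;
        *)                            echo "unknown $soname" ;;
    esac
}

# same_libssl: succeed only if both ldd outputs resolve libssl to one file.
same_libssl() {
    a=$(printf '%s\n' "$1" | libssl_path)
    b=$(printf '%s\n' "$2" | libssl_path)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

for name in UBUNTU_LDAPSEARCH REDHAT_LDAPSEARCH LOCAL_OPENSSL; do
    eval "out=\$$name"
    printf '%-18s %s\n' "$name" "$(printf '%s\n' "$out" | tls13_verdict)"
done
same_libssl "$REDHAT_LDAPSEARCH" "$LOCAL_OPENSSL" \
    || echo "ldapsearch and openssl resolve to different libssl files"
```

On a live host, pipe real output into the function, for example `ldd /usr/local/bin/ldapsearch | tls13_verdict`.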

