openldap-bugs January 2017

openldap-bugs@openldap.org

22 participants
55 discussions

Re: (ITS#8533) Support OpenSSL-1.1.0c
by sca＠andreasschulze.de 03 Jan '17

03 Jan '17

Am 03.01.2017 um 20:12 schrieb Howard Chu: > sca(a)andreasschulze.de wrote: >> Am 28.11.2016 um 17:42 schrieb Quanah Gibson-Mount: >>> I have a few additional comments: >>> ... >> >> I updated the patch as suggested: ftp://ftp.openldap.org/incoming/andreas-schulze-161204.patch > > +/* REVIEW: CRYPTO_num_locks is defined as "(1)" openssl-1.1.0 */ > +static ldap_pvt_thread_mutex_t tlso_mutexes[CRYPTO_num_locks()]; > > This is not acceptable. The fact that the macro is defined as a function macro implies that it may be turned into a genuine function at some point in the future. Either we get a commitment from the OpenSSL developers that this macro will always be a constant, or the code must change to dynamically allocate the mutexes array. > > @@ -882,6 +924,9 @@ static BIO_METHOD tlso_bio_method = > tlso_bio_create, > tlso_bio_destroy > }; > +#else > +static BIO_METHOD *tlso_bio_method = NULL; > +#endif > > static int > tlso_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg ) > @@ -898,8 +943,29 @@ tlso_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg ) > > p->session = arg; > p->sbiod = sbiod; > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > bio = BIO_new( &tlso_bio_method ); > bio->ptr = (void *)p; > +#else > + if ( tlso_bio_method == NULL ) { > + tlso_bio_method = BIO_meth_new(( 100 | 0x400 ), "sockbuf glue"); > + if ( tlso_bio_method == NULL > + || !BIO_meth_set_write(tlso_bio_method, tlso_bio_write) > + || !BIO_meth_set_read(tlso_bio_method, tlso_bio_read) > + || !BIO_meth_set_puts(tlso_bio_method, tlso_bio_puts) > + || !BIO_meth_set_gets(tlso_bio_method, tlso_bio_gets) > + || !BIO_meth_set_ctrl(tlso_bio_method, tlso_bio_ctrl) > + || !BIO_meth_set_create(tlso_bio_method, tlso_bio_create) > + || !BIO_meth_set_destroy(tlso_bio_method, tlso_bio_destroy)) { > + return -1; > + } > + } > + bio = BIO_new(tlso_bio_method); > + if ( bio == NULL ) { > + return -1; > + } > + BIO_set_data(bio, (void *)p); > +#endif > > This is no good, the tlso_bio_method must be initialized once and only once. The structure can be referenced simultaneously from multiple threads, and initing on each use will be a performance hit as well as a waste of memory. Hello Howard, looks like you're much more familiar with open[ssl|ldap] insides. My intension was to show a way to build openldap with openssl-1.1.0. I'm aware that is not ideal and you prove that now. Thanks. But I cannot contribute better code. Sorry. Andreas

1 0

(ITS#8557) mdb_put may cause a cursor malfunction
by lazarev.michael＠gmail.com 03 Jan '17

03 Jan '17

Full_Name: Michael Lazarev Version: OS: Linux, FreeBSD URL: ftp://ftp.openldap.org/incoming/mdb_put_test.c Submission from: (NULL) (128.70.151.136) After a number of mdb_put calls, mdb_cursor_get with MDB_LAST operation positions the cursor incorrectly. Test code is submitted here: ftp://ftp.openldap.org/incoming/mdb_put_test.c

1 0

Re: (ITS#8556) OpenLDAP technical support listing
by quanah＠symas.com 03 Jan '17

03 Jan '17

--On Tuesday, January 03, 2017 10:54 AM +0000 marketing(a)rosehosting.com wrote: > We'd really appreciate it if you add us to the list. Done, and will be listed on the next website push, which will coincide with the OpenLDAP 2.4.45 release (So may be a little bit). Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>

1 0

Re: (ITS#8533) Support OpenSSL-1.1.0c
by hyc＠symas.com 03 Jan '17

03 Jan '17

sca(a)andreasschulze.de wrote: > Am 28.11.2016 um 17:42 schrieb Quanah Gibson-Mount: >> I have a few additional comments: >> ... > > I updated the patch as suggested: ftp://ftp.openldap.org/incoming/andreas-schulze-161204.patch +/* REVIEW: CRYPTO_num_locks is defined as "(1)" openssl-1.1.0 */ +static ldap_pvt_thread_mutex_t tlso_mutexes[CRYPTO_num_locks()]; This is not acceptable. The fact that the macro is defined as a function macro implies that it may be turned into a genuine function at some point in the future. Either we get a commitment from the OpenSSL developers that this macro will always be a constant, or the code must change to dynamically allocate the mutexes array. @@ -882,6 +924,9 @@ static BIO_METHOD tlso_bio_method = tlso_bio_create, tlso_bio_destroy }; +#else +static BIO_METHOD *tlso_bio_method = NULL; +#endif static int tlso_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg ) @@ -898,8 +943,29 @@ tlso_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg ) p->session = arg; p->sbiod = sbiod; +#if OPENSSL_VERSION_NUMBER < 0x10100000L bio = BIO_new( &tlso_bio_method ); bio->ptr = (void *)p; +#else + if ( tlso_bio_method == NULL ) { + tlso_bio_method = BIO_meth_new(( 100 | 0x400 ), "sockbuf glue"); + if ( tlso_bio_method == NULL + || !BIO_meth_set_write(tlso_bio_method, tlso_bio_write) + || !BIO_meth_set_read(tlso_bio_method, tlso_bio_read) + || !BIO_meth_set_puts(tlso_bio_method, tlso_bio_puts) + || !BIO_meth_set_gets(tlso_bio_method, tlso_bio_gets) + || !BIO_meth_set_ctrl(tlso_bio_method, tlso_bio_ctrl) + || !BIO_meth_set_create(tlso_bio_method, tlso_bio_create) + || !BIO_meth_set_destroy(tlso_bio_method, tlso_bio_destroy)) { + return -1; + } + } + bio = BIO_new(tlso_bio_method); + if ( bio == NULL ) { + return -1; + } + BIO_set_data(bio, (void *)p); +#endif This is no good, the tlso_bio_method must be initialized once and only once. The structure can be referenced simultaneously from multiple threads, and initing on each use will be a performance hit as well as a waste of memory. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8556) OpenLDAP technical support listing
by marketing＠rosehosting.com 03 Jan '17

03 Jan '17

Full_Name: Michael Freeman Version: OS: URL: Submission from: (NULL) (206.196.115.115) Back in 2014, we published a tutorial for OpenLDAP on our blog. You can check it out at https://www.rosehosting.com/blog/install-and-configure-openldap-and-phpldap… We'd like to get listed on your OpenLDAP technical support page (http://www.openldap.org/support/). Here's some information you can use: <a href="https://www.rosehosting.com ">Rose Web Services LLC</a> - USA Provides fully managed Linux VPS hosting with free 24/7 support, free initial OpenLDAP setup and configuration and free full weekly backups. We'd really appreciate it if you add us to the list.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs January 2017