From cpaynetaffe@gmail.com Mon Jun 20 09:42:27 2016 From: cpaynetaffe@gmail.com To: openldap-bugs@openldap.org Subject: Re: (ITS#8445) LibreSSL v2.4 compile Date: Mon, 20 Jun 2016 09:42:25 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8094112226100835149==" --===============8094112226100835149== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable --001a1147bbbc1ed3a40535b28599 Content-Type: text/plain; charset=3DUTF-8 Good point, I was assuming that LibreSSL was focused on only maintaining compatibility with v1.0.1 though, as they've created their own libtls for future programs. Git grep didn't show anything in the v2.4.1 portable repo. The v1.1 API is still in pre-release it looks like, and the relevant functions have only been in OpenSSL since January and March respectively according to git. In fact LibreSSL has had only a handful of commits this year in portable, mostly focused on building with cmake and some fixes, but no API additions. Neither function is available in the -current OpenBSD cvs tree either. I've emailed libressl(a)openbsd.org to inquire further. On Mon, Jun 20, 2016 at 1:38 AM Howard Chu wrote: > Connor Taffe wrote: > > Fixed, attached is a patch. > > I'm a bit concerned that you're only checking for the existence of LIBRESSL > instead of actually comparing the version number. Since the OpenSSL change > is > based on their v1.1 API, do you know if/when LibreSSL plans to adopt the > new API? > > > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu > > wrote: > > > > cpaynetaffe(a)gmail.com wrote: > > > Full_Name: Connor Taffe > > > Version: master > > > OS: Ubuntu devel > > > URL: ftp://ftp.openldap.org/incoming/ > > > Submission from: (NULL) (50.25.160.41) > > > > > > > > > Compiling against LibreSSL v2.4.1 failed linking with > SSL_CTX_up_ref and > > > X509_NAME_get0_der undefined. I added checking if > > LIBRESSL_VERSION_NUMBER to the > > > same conditional compilation ifs that are defined for old > versions of > > OpenSSL. > > > > > > https://github.com/cptaffe/openldap > > > > Please read the Developer Guidelines. I'm not going to pull an > arbitrary repo > > to find someone's patch. > > > > http://www.openldap.org/devel/contributing.html > > > > -- > > -- Howard Chu > > CTO, Symas Corp. http://www.symas.com > > Director, Highland Sun http://highlandsun.com/hyc/ > > Chief Architect, OpenLDAP http://www.openldap.org/project/ > > > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > --001a1147bbbc1ed3a40535b28599 Content-Type: text/html; charset=3DUTF-8 Content-Transfer-Encoding: quoted-printable
Good point,

=3DC2=3DA0I was assuming th= at L=3D ibreSSL was focused on only=3DC2=3DA0mainta= inin=3D g=3DC2=3DA0compatibilitywith v1.0.1 though, as they've create= =3D d their own libtls for future programs.

Git grep didn't show anything in the v2.4.1 portable repo.
=3D The v1.1 API is still in pre-release it looks like, and the relevant functi=3D ons have
only been in OpenSSL since January and March respectivel=3D y according to git.
In fact LibreSSL has had only a handful of co=3D mmits this year in portable,
mostly focused on building with cmak=3D e and some fixes, but no API additions.

Neither fu=3D nction is available in the -current OpenBSD cvs tree either.

=3D
I've emailed libre= ss=3D l(a)openbsd.org=3DC2=3DA0to inquire further.

On Mon, Jun 20, 2016 at 1:38 AM Howard = Ch=3D u <hyc(a)symas.com> wrote:
=
Connor Taffe wrote:
> Fixed, attached is a patch.

I'm a bit concerned that you're only checking for the existence of =3D LIBRESSL
instead of actually comparing the version number. Since the OpenSSL change =3D is
based on their v1.1 API, do you know if/when LibreSSL plans to adopt the ne=3D w API?

> On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc(a)symas.com
> <mailto:hyc(= a)syma=3D s.com>> wrote:
>
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0cpaynetaffe(a)gmail.com <mailto:cpaynetaffe(a)gmail.com> wrote:
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > Full_Name: Connor Taffe
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > Version: master
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > OS: Ubuntu devel
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > URL: ftp://ftp.openldap.org/incoming= /<=3D /a>
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > Submission from: (NULL) (50.25.160.= 41)
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 >
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 >
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > Compiling against LibreSSL v2.4.1 f= ailed link=3D ing with SSL_CTX_up_ref and
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > X509_NAME_get0_der undefined. I add= ed checkin=3D g if
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0LIBRESSL_VERSION_NUMBER to the
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > same conditional compilation ifs th= at are def=3D ined for old versions of
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0OpenSSL.
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 >
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 > https://github.com/cptaffe/openld= ap=3D
>
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0Please read the Developer Guidelines. I&#= 39;m not g=3D oing to pull an arbitrary repo
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0to find someone's patch.
>
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0http://www.openldap.org/dev= el=3D /contributing.html
>
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0--
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0-- Howard Chu
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0CTO, Symas Corp. http://www.symas.com<=3D br> >=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0Director, Highland = Sun http://hig= hl=3D andsun.com/hyc/
>=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0Chief Architect, Op= enLDAP ht= tp=3D ://www.openldap.org/project/
>


--
=3DC2=3DA0 =3DC2=3DA0-- Howard Chu
=3DC2=3DA0 =3DC2=3DA0CTO, Symas Corp.=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0 =3DC2= =3DA0 =3DC2=3DA0 =3DC2=3DA0http:/= /www=3D .symas.com
=3DC2=3DA0 =3DC2=3DA0Director, Highland Sun=3DC2=3DA0 =3DC2=3DA0 =3DC2=3DA0http://highlands= un=3D .com/hyc/
=3DC2=3DA0 =3DC2=3DA0Chief Architect, OpenLDAP=3DC2=3DA0 http://www.openldap.o= rg=3D /project/
--001a1147bbbc1ed3a40535b28599-- --===============8094112226100835149==--