openldap-bugs

openldap-bugs@openldap.org

1 participants
20965 discussions

Re: (ITS#8447) LMDB: Overwriting values in MDB_DUPSORT databases broken
by hyc＠symas.com 20 Jun '16

20 Jun '16

lukaswhl(a)gmail.com wrote: > Full_Name: Lukas W > Version: mdb.master c367c1f69685a4d307acb8cea6945c1d67e1cc7e > OS: Linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (114.23.231.86) > > > Replacing values in sub-databases (with MDB_DUPSORT) can lead to the new data's > length being ignored. This specific example reproduces the problem (creating the > entries "1"->"ABC", and "1"->2a2abc"): > > […] > mdb_dbi_open(txn, NULL, MDB_DUPSORT, &dbi); > key.mv_size = 2; > key.mv_data = "1"; > data.mv_size = 4; > data.mv_data = "ABC"; > mdb_put(txn, dbi, &key, &data, 0); > data.mv_data = "abc"; > mdb_put(txn, dbi, &key, &data, 0); > > If one later tries to change a value of one of the existing entries, the new > value is being copied, but the size is not changed. This could lead to database > corruption if the new value is longer than the old one as the length of the new > value is used in memcpy. > > key.mv_ze % = 2; > key.mv_data = "1"; > data.mv_size = 4; > data.mv_data = "abc"; > mdb_cursor_get(cursor, &key, &data, MDB_GET_BOTH); > > data.mv_size = 2; > data.mv_data = "Q"; > mdb_cursor_put(cursor, &key, &data, MDB_CURRENT); This is a misuse of MDB_CURRENT: as documented, the new value is supposed to be the same size as the existing value. > > mdb_cursor_get(cursor, &key, &data, MDB_GET_CURRENT); > printf("%s (%d)\n", data.mv_size); > > This will output "Q (4)", while it should output "Q (2)". Note that the data in > the DB probably is "Q\0c", printf just stops at the null character. > The value is written in mdb.c:7516. Context: > > […] > /* same size, just replace it. Note that we could > * also reuse this node if the new data is smaller, > * but instead we opt to shrink the node in that case. > */ > if (F_ISSET(flags, MDB_RESERVE)) > data->mv_data = olddata.mv_data; > else if (!(mc->mc_flags & C_SUB)) > memcpy(olddata.mv_data, data->mv_data, data->mv_size); > else { > 7516: memcpy(NODEKEY(leaf), key->mv_data, key->mv_size); > goto fix_parent; > } > […] > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8447) LMDB: Overwriting values in MDB_DUPSORT databases broken
by lukaswhl＠gmail.com 20 Jun '16

20 Jun '16

Full_Name: Lukas W Version: mdb.master c367c1f69685a4d307acb8cea6945c1d67e1cc7e OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (114.23.231.86) Replacing values in sub-databases (with MDB_DUPSORT) can lead to the new data's length being ignored. This specific example reproduces the problem (creating the entries "1"->"ABC", and "1"->2a2abc"): [] mdb_dbi_open(txn, NULL, MDB_DUPSORT, &dbi); key.mv_size = 2; key.mv_data = "1"; data.mv_size = 4; data.mv_data = "ABC"; mdb_put(txn, dbi, &key, &data, 0); data.mv_data = "abc"; mdb_put(txn, dbi, &key, &data, 0); If one later tries to change a value of one of the existing entries, the new value is being copied, but the size is not changed. This could lead to database corruption if the new value is longer than the old one as the length of the new value is used in memcpy. key.mv_ze % = 2; key.mv_data = "1"; data.mv_size = 4; data.mv_data = "abc"; mdb_cursor_get(cursor, &key, &data, MDB_GET_BOTH); data.mv_size = 2; data.mv_data = "Q"; mdb_cursor_put(cursor, &key, &data, MDB_CURRENT); mdb_cursor_get(cursor, &key, &data, MDB_GET_CURRENT); printf("%s (%d)\n", data.mv_size); This will output "Q (4)", while it should output "Q (2)". Note that the data in the DB probably is "Q\0c", printf just stops at the null character. The value is written in mdb.c:7516. Context: [] /* same size, just replace it. Note that we could * also reuse this node if the new data is smaller, * but instead we opt to shrink the node in that case. */ if (F_ISSET(flags, MDB_RESERVE)) data->mv_data = olddata.mv_data; else if (!(mc->mc_flags & C_SUB)) memcpy(olddata.mv_data, data->mv_data, data->mv_size); else { 7516: memcpy(NODEKEY(leaf), key->mv_data, key->mv_size); goto fix_parent; } []

1 0

Re: (ITS#8445) LibreSSL v2.4 compile
by cpaynetaffe＠gmail.com 20 Jun '16

20 Jun '16

--001a113eeb0accaf2b0535b8d348 Content-Type: text/plain; charset=UTF-8 Unfortunately LibreSSL defines OPENSSL_VERSION_NUBMER as 0x02000000. On Mon, Jun 20, 2016 at 11:40 AM Howard Chu <hyc(a)symas.com> wrote: > Connor Taffe wrote: > > Good point, > > > > I was assuming that LibreSSL was focused on only maintaining > compatibility > > with v1.0.1 though, as they've created their own libtls for future > programs. > > > > Git grep didn't show anything in the v2.4.1 portable repo. > > The v1.1 API is still in pre-release it looks like, and the relevant > functions > > have > > only been in OpenSSL since January and March respectively according to > git. > > In fact LibreSSL has had only a handful of commits this year in portable, > > mostly focused on building with cmake and some fixes, but no API > additions. > > > > Neither function is available in the -current OpenBSD cvs tree either. > > > > I've emailed libressl(a)openbsd.org <mailto:libressl@openbsd.org> to > inquire > > further. > > Thanks. In the meantime I think the sane thing to do is just invert the > current #if. Swap the code so it's > > #if OPENSSL_VERSION_NUMBER >= 0x01010000 > new stuff > #else > old stuff > #endif > > then we can ignore this until LibreSSL catches up. > > > > On Mon, Jun 20, 2016 at 1:38 AM Howard Chu <hyc(a)symas.com > > <mailto:hyc@symas.com>> wrote: > > > > Connor Taffe wrote: > > > Fixed, attached is a patch. > > > > I'm a bit concerned that you're only checking for the existence of > LIBRESSL > > instead of actually comparing the version number. Since the OpenSSL > change is > > based on their v1.1 API, do you know if/when LibreSSL plans to adopt > the > > new API? > > > > > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc(a)symas.com > > <mailto:hyc@symas.com> > > > <mailto:hyc@symas.com <mailto:hyc@symas.com>>> wrote: > > > > > > cpaynetaffe(a)gmail.com <mailto:cpaynetaffe@gmail.com> > > <mailto:cpaynetaffe@gmail.com <mailto:cpaynetaffe@gmail.com>> wrote: > > > > Full_Name: Connor Taffe > > > > Version: master > > > > OS: Ubuntu devel > > > > URL: ftp://ftp.openldap.org/incoming/ > > > > Submission from: (NULL) (50.25.160.41) > > > > > > > > > > > > Compiling against LibreSSL v2.4.1 failed linking with > > SSL_CTX_up_ref and > > > > X509_NAME_get0_der undefined. I added checking if > > > LIBRESSL_VERSION_NUMBER to the > > > > same conditional compilation ifs that are defined for old > > versions of > > > OpenSSL. > > > > > > > > https://github.com/cptaffe/openldap > > > > > > Please read the Developer Guidelines. I'm not going to pull an > > arbitrary repo > > > to find someone's patch. > > > > > > http://www.openldap.org/devel/contributing.html > > > > > > -- > > > -- Howard Chu > > > CTO, Symas Corp. http://www.symas.com > > > Director, Highland Sun http://highlandsun.com/hyc/ > > > Chief Architect, OpenLDAP > http://www.openldap.org/project/ > > > > > > > > > -- > > -- Howard Chu > > CTO, Symas Corp. http://www.symas.com > > Director, Highland Sun http://highlandsun.com/hyc/ > > Chief Architect, OpenLDAP http://www.openldap.org/project/ > > > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > --001a113eeb0accaf2b0535b8d348 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div>Unfortunately LibreSSL defines OPENSSL_VERSION_NUBMER= as=C2=A0<span style=3D"color:rgb(33,33,33);font-family:'helvetica neue= ',helvetica,arial,sans-serif">0x02000000.</span></div></div><br><div cl= ass=3D"gmail_quote"><div dir=3D"ltr">On Mon, Jun 20, 2016 at 11:40 AM Howar= d Chu <<a href=3D"mailto:hyc@symas.com">hyc(a)symas.com</a>> wrote:<br>= </div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-l= eft:1px #ccc solid;padding-left:1ex">Connor Taffe wrote:<br> > Good point,<br> ><br> >=C2=A0 =C2=A0I was assuming that LibreSSL was focused on only maintaini= ng compatibility<br> > with v1.0.1 though, as they've created their own libtls for future= programs.<br> ><br> > Git grep didn't show anything in the v2.4.1 portable repo.<br> > The v1.1 API is still in pre-release it looks like, and the relevant f= unctions<br> > have<br> > only been in OpenSSL since January and March respectively according to= git.<br> > In fact LibreSSL has had only a handful of commits this year in portab= le,<br> > mostly focused on building with cmake and some fixes, but no API addit= ions.<br> ><br> > Neither function is available in the -current OpenBSD cvs tree either.= <br> ><br> > I've emailed <a href=3D"mailto:libressl@openbsd.org" target=3D"_bl= ank">libressl(a)openbsd.org</a> <mailto:<a href=3D"mailto:libressl@openbsd= .org" target=3D"_blank">libressl(a)openbsd.org</a>> to inquire<br> > further.<br> <br> Thanks. In the meantime I think the sane thing to do is just invert the<br> current #if. Swap the code so it's<br> <br> #if OPENSSL_VERSION_NUMBER >=3D 0x01010000<br> =C2=A0 =C2=A0new stuff<br> #else<br> =C2=A0 =C2=A0old stuff<br> #endif<br> <br> then we can ignore this until LibreSSL catches up.<br> ><br> > On Mon, Jun 20, 2016 at 1:38 AM Howard Chu <<a href=3D"mailto:hyc@s= ymas.com" target=3D"_blank">hyc(a)symas.com</a><br> > <mailto:<a href=3D"mailto:hyc@symas.com" target=3D"_blank">hyc@syma= s.com</a>>> wrote:<br> ><br> >=C2=A0 =C2=A0 =C2=A0Connor Taffe wrote:<br> >=C2=A0 =C2=A0 =C2=A0 > Fixed, attached is a patch.<br> ><br> >=C2=A0 =C2=A0 =C2=A0I'm a bit concerned that you're only checki= ng for the existence of LIBRESSL<br> >=C2=A0 =C2=A0 =C2=A0instead of actually comparing the version number. S= ince the OpenSSL change is<br> >=C2=A0 =C2=A0 =C2=A0based on their v1.1 API, do you know if/when LibreS= SL plans to adopt the<br> >=C2=A0 =C2=A0 =C2=A0new API?<br> ><br> >=C2=A0 =C2=A0 =C2=A0 > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu &l= t;<a href=3D"mailto:hyc@symas.com" target=3D"_blank">hyc(a)symas.com</a><br> >=C2=A0 =C2=A0 =C2=A0<mailto:<a href=3D"mailto:hyc@symas.com" target= =3D"_blank">hyc(a)symas.com</a>><br> >=C2=A0 =C2=A0 =C2=A0 > <mailto:<a href=3D"mailto:hyc@symas.com" t= arget=3D"_blank">hyc(a)symas.com</a> <mailto:<a href=3D"mailto:hyc@symas.c= om" target=3D"_blank">hyc(a)symas.com</a>>>> wrote:<br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 > <a href=3D"mailto:cpaynetaffe@gmail.com" targ= et=3D"_blank">cpaynetaffe(a)gmail.com</a> <mailto:<a href=3D"mailto:cpayne= taffe(a)gmail.com" target=3D"_blank">cpaynetaffe(a)gmail.com</a>><br> >=C2=A0 =C2=A0 =C2=A0<mailto:<a href=3D"mailto:cpaynetaffe@gmail.com"= target=3D"_blank">cpaynetaffe(a)gmail.com</a> <mailto:<a href=3D"mailto:c= paynetaffe(a)gmail.com" target=3D"_blank">cpaynetaffe(a)gmail.com</a>>> w= rote:<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > Full_Name: Connor Ta= ffe<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > Version: master<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > OS: Ubuntu devel<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > URL: <a href=3D"ftp:= //ftp.openldap.org/incoming/" rel=3D"noreferrer" target=3D"_blank">ftp://ft= p.openldap.org/incoming/</a><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > Submission from: (NU= LL) (50.25.160.41)<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > Compiling against Li= breSSL v2.4.1 failed linking with<br> >=C2=A0 =C2=A0 =C2=A0SSL_CTX_up_ref and<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > X509_NAME_get0_der u= ndefined. I added checking if<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0LIBRESSL_VERSION_NUMBER to= the<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > same conditional com= pilation ifs that are defined for old<br> >=C2=A0 =C2=A0 =C2=A0versions of<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0OpenSSL.<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 > <a href=3D"https://g= ithub.com/cptaffe/openldap" rel=3D"noreferrer" target=3D"_blank">https://gi= thub.com/cptaffe/openldap</a><br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0Please read the Developer = Guidelines. I'm not going to pull an<br> >=C2=A0 =C2=A0 =C2=A0arbitrary repo<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0to find someone's patc= h.<br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 > <a href=3D"http://www.openldap.org/devel/cont= ributing.html" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org= /devel/contributing.html</a><br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0--<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Howard Ch= u<br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0CTO, Symas C= orp. <a href=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">= http://www.symas.com</a><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Director, Hi= ghland Sun <a href=3D"http://highlandsun.com/hyc/" rel=3D"noreferrer" targe= t=3D"_blank">http://highlandsun.com/hyc/</a><br> >=C2=A0 =C2=A0 =C2=A0 >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Chief Archit= ect, OpenLDAP <a href=3D"http://www.openldap.org/project/" rel=3D"noreferre= r" target=3D"_blank">http://www.openldap.org/project/</a><br> >=C2=A0 =C2=A0 =C2=A0 ><br> ><br> ><br> >=C2=A0 =C2=A0 =C2=A0--<br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Howard Chu<br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0CTO, Symas Corp. <a href=3D"http://ww= w.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www.symas.com</a><= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Director, Highland Sun <a href=3D"htt= p://highlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highl= andsun.com/hyc/</a><br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Chief Architect, OpenLDAP <a href=3D"= http://www.openldap.org/project/" rel=3D"noreferrer" target=3D"_blank">http= ://www.openldap.org/project/</a><br> ><br> <br> <br> --<br> =C2=A0 =C2=A0-- Howard Chu<br> =C2=A0 =C2=A0CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a hr= ef=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www= .symas.com</a><br> =C2=A0 =C2=A0Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://hi= ghlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun= .com/hyc/</a><br> =C2=A0 =C2=A0Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap= .org/project/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org= /project/</a><br> </blockquote></div> --001a113eeb0accaf2b0535b8d348--

1 0

Re: (ITS#8445) LibreSSL v2.4 compile
by hyc＠symas.com 20 Jun '16

20 Jun '16

Connor Taffe wrote: > Good point, > > I was assuming that LibreSSL was focused on only maintaining compatibility > with v1.0.1 though, as they've created their own libtls for future programs. > > Git grep didn't show anything in the v2.4.1 portable repo. > The v1.1 API is still in pre-release it looks like, and the relevant functions > have > only been in OpenSSL since January and March respectively according to git. > In fact LibreSSL has had only a handful of commits this year in portable, > mostly focused on building with cmake and some fixes, but no API additions. > > Neither function is available in the -current OpenBSD cvs tree either. > > I've emailed libressl(a)openbsd.org <mailto:libressl@openbsd.org> to inquire > further. Thanks. In the meantime I think the sane thing to do is just invert the current #if. Swap the code so it's #if OPENSSL_VERSION_NUMBER >= 0x01010000 new stuff #else old stuff #endif then we can ignore this until LibreSSL catches up. > > On Mon, Jun 20, 2016 at 1:38 AM Howard Chu <hyc(a)symas.com > <mailto:hyc@symas.com>> wrote: > > Connor Taffe wrote: > > Fixed, attached is a patch. > > I'm a bit concerned that you're only checking for the existence of LIBRESSL > instead of actually comparing the version number. Since the OpenSSL change is > based on their v1.1 API, do you know if/when LibreSSL plans to adopt the > new API? > > > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc(a)symas.com > <mailto:hyc@symas.com> > > <mailto:hyc@symas.com <mailto:hyc@symas.com>>> wrote: > > > > cpaynetaffe(a)gmail.com <mailto:cpaynetaffe@gmail.com> > <mailto:cpaynetaffe@gmail.com <mailto:cpaynetaffe@gmail.com>> wrote: > > > Full_Name: Connor Taffe > > > Version: master > > > OS: Ubuntu devel > > > URL: ftp://ftp.openldap.org/incoming/ > > > Submission from: (NULL) (50.25.160.41) > > > > > > > > > Compiling against LibreSSL v2.4.1 failed linking with > SSL_CTX_up_ref and > > > X509_NAME_get0_der undefined. I added checking if > > LIBRESSL_VERSION_NUMBER to the > > > same conditional compilation ifs that are defined for old > versions of > > OpenSSL. > > > > > > https://github.com/cptaffe/openldap > > > > Please read the Developer Guidelines. I'm not going to pull an > arbitrary repo > > to find someone's patch. > > > > http://www.openldap.org/devel/contributing.html > > > > -- > > -- Howard Chu > > CTO, Symas Corp. http://www.symas.com > > Director, Highland Sun http://highlandsun.com/hyc/ > > Chief Architect, OpenLDAP http://www.openldap.org/project/ > > > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8446) Various bug fixes for the async-meta backend
by nivanova＠symas.com 20 Jun '16

20 Jun '16

Full_Name: Nadezhda Ivanova Version: 2.5 OS: URL: ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_1.patch Submission from: (NULL) (78.83.54.234) Some new bug fixes for the async-meta backend 1. Removed some unused attributes from olcAsyncMetaConfig. These attributes were removed when some configuration options were removed for asyncmeta, being no longer applicable, but removing them from the class definition was missed. ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_1.patch 2.Fix for a crash during an add operation ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_2.patch 3. Asyncmeta ignored ors_tlimit if operation timeout was configured in slapd.conf ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_3.patch 4. Fixed uninitialized control value during copy of operation, which caused occasional crashes when controls without values are used. ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_4.patch 5. Fixed a missing result message if onerr=continue and the last result is an error. ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_5.patch 6. Fixed incorrect copy of the entry of an add operation, which resulted in memory leaks. ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_6.patch 7.Fixed incorrect copy of Modifications for a modify op, resulting in missing Modifications values ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_7.patch 8. Add and modify asyncmeta operations timed-out after a number of operations if the target is unavailable, search operations would occasionally crash under same conditions: ftp://ftp.openldap.org/incoming/Nadezhda-Ivanova-160620_8.patch

1 0

Re: (ITS#8445) LibreSSL v2.4 compile
by cpaynetaffe＠gmail.com 20 Jun '16

20 Jun '16

--001a1147bbbc1ed3a40535b28599 Content-Type: text/plain; charset=UTF-8 Good point, I was assuming that LibreSSL was focused on only maintaining compatibility with v1.0.1 though, as they've created their own libtls for future programs. Git grep didn't show anything in the v2.4.1 portable repo. The v1.1 API is still in pre-release it looks like, and the relevant functions have only been in OpenSSL since January and March respectively according to git. In fact LibreSSL has had only a handful of commits this year in portable, mostly focused on building with cmake and some fixes, but no API additions. Neither function is available in the -current OpenBSD cvs tree either. I've emailed libressl(a)openbsd.org to inquire further. On Mon, Jun 20, 2016 at 1:38 AM Howard Chu <hyc(a)symas.com> wrote: > Connor Taffe wrote: > > Fixed, attached is a patch. > > I'm a bit concerned that you're only checking for the existence of LIBRESSL > instead of actually comparing the version number. Since the OpenSSL change > is > based on their v1.1 API, do you know if/when LibreSSL plans to adopt the > new API? > > > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc(a)symas.com > > <mailto:hyc@symas.com>> wrote: > > > > cpaynetaffe(a)gmail.com <mailto:cpaynetaffe@gmail.com> wrote: > > > Full_Name: Connor Taffe > > > Version: master > > > OS: Ubuntu devel > > > URL: ftp://ftp.openldap.org/incoming/ > > > Submission from: (NULL) (50.25.160.41) > > > > > > > > > Compiling against LibreSSL v2.4.1 failed linking with > SSL_CTX_up_ref and > > > X509_NAME_get0_der undefined. I added checking if > > LIBRESSL_VERSION_NUMBER to the > > > same conditional compilation ifs that are defined for old > versions of > > OpenSSL. > > > > > > https://github.com/cptaffe/openldap > > > > Please read the Developer Guidelines. I'm not going to pull an > arbitrary repo > > to find someone's patch. > > > > http://www.openldap.org/devel/contributing.html > > > > -- > > -- Howard Chu > > CTO, Symas Corp. http://www.symas.com > > Director, Highland Sun http://highlandsun.com/hyc/ > > Chief Architect, OpenLDAP http://www.openldap.org/project/ > > > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > --001a1147bbbc1ed3a40535b28599 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Good point,<div><br></div><div>=C2=A0I was assuming that L= ibreSSL was focused on only=C2=A0<span style=3D"line-height:1.5">maintainin= g=C2=A0</span><span style=3D"line-height:1.5">compatibility</span></div><di= v><span style=3D"line-height:1.5">with v1.0.1 though, as they've create= d their own libtls for future programs.</span></div><div><div><br></div><di= v>Git grep didn't show anything in the v2.4.1 portable repo.</div><div>= The v1.1 API is still in pre-release it looks like, and the relevant functi= ons have</div><div>only been in OpenSSL since January and March respectivel= y according to git.</div><div>In fact LibreSSL has had only a handful of co= mmits this year in portable,</div><div>mostly focused on building with cmak= e and some fixes, but no API additions.</div><div><br></div><div>Neither fu= nction is available in the -current OpenBSD cvs tree either.</div><div><br>= </div><div>I've emailed <a href=3D"mailto:libressl@openbsd.org">libress= l(a)openbsd.org</a>=C2=A0to inquire further.</div></div></div><br><div class= =3D"gmail_quote"><div dir=3D"ltr">On Mon, Jun 20, 2016 at 1:38 AM Howard Ch= u <<a href=3D"mailto:hyc@symas.com">hyc(a)symas.com</a>> wrote:<br></di= v><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:= 1px #ccc solid;padding-left:1ex">Connor Taffe wrote:<br> > Fixed, attached is a patch.<br> <br> I'm a bit concerned that you're only checking for the existence of = LIBRESSL<br> instead of actually comparing the version number. Since the OpenSSL change = is<br> based on their v1.1 API, do you know if/when LibreSSL plans to adopt the ne= w API?<br> <br> > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <<a href=3D"mailto:hyc@s= ymas.com" target=3D"_blank">hyc(a)symas.com</a><br> > <mailto:<a href=3D"mailto:hyc@symas.com" target=3D"_blank">hyc@syma= s.com</a>>> wrote:<br> ><br> >=C2=A0 =C2=A0 =C2=A0<a href=3D"mailto:cpaynetaffe@gmail.com" target=3D"= _blank">cpaynetaffe(a)gmail.com</a> <mailto:<a href=3D"mailto:cpaynetaffe@= gmail.com" target=3D"_blank">cpaynetaffe(a)gmail.com</a>> wrote:<br> >=C2=A0 =C2=A0 =C2=A0 > Full_Name: Connor Taffe<br> >=C2=A0 =C2=A0 =C2=A0 > Version: master<br> >=C2=A0 =C2=A0 =C2=A0 > OS: Ubuntu devel<br> >=C2=A0 =C2=A0 =C2=A0 > URL: <a href=3D"ftp://ftp.openldap.org/incomi= ng/" rel=3D"noreferrer" target=3D"_blank">ftp://ftp.openldap.org/incoming/<= /a><br> >=C2=A0 =C2=A0 =C2=A0 > Submission from: (NULL) (50.25.160.41)<br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 > Compiling against LibreSSL v2.4.1 failed link= ing with SSL_CTX_up_ref and<br> >=C2=A0 =C2=A0 =C2=A0 > X509_NAME_get0_der undefined. I added checkin= g if<br> >=C2=A0 =C2=A0 =C2=A0LIBRESSL_VERSION_NUMBER to the<br> >=C2=A0 =C2=A0 =C2=A0 > same conditional compilation ifs that are def= ined for old versions of<br> >=C2=A0 =C2=A0 =C2=A0OpenSSL.<br> >=C2=A0 =C2=A0 =C2=A0 ><br> >=C2=A0 =C2=A0 =C2=A0 > <a href=3D"https://github.com/cptaffe/openlda= p" rel=3D"noreferrer" target=3D"_blank">https://github.com/cptaffe/openldap= </a><br> ><br> >=C2=A0 =C2=A0 =C2=A0Please read the Developer Guidelines. I'm not g= oing to pull an arbitrary repo<br> >=C2=A0 =C2=A0 =C2=A0to find someone's patch.<br> ><br> >=C2=A0 =C2=A0 =C2=A0<a href=3D"http://www.openldap.org/devel/contributi= ng.html" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org/devel= /contributing.html</a><br> ><br> >=C2=A0 =C2=A0 =C2=A0--<br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0-- Howard Chu<br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0CTO, Symas Corp. <a href=3D"http://ww= w.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www.symas.com</a><= br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Director, Highland Sun <a href=3D"htt= p://highlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highl= andsun.com/hyc/</a><br> >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Chief Architect, OpenLDAP <a href=3D"= http://www.openldap.org/project/" rel=3D"noreferrer" target=3D"_blank">http= ://www.openldap.org/project/</a><br> ><br> <br> <br> --<br> =C2=A0 =C2=A0-- Howard Chu<br> =C2=A0 =C2=A0CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a hr= ef=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www= .symas.com</a><br> =C2=A0 =C2=A0Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://hi= ghlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun= .com/hyc/</a><br> =C2=A0 =C2=A0Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap= .org/project/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org= /project/</a><br> </blockquote></div> --001a1147bbbc1ed3a40535b28599--

1 0

Re: (ITS#8445) LibreSSL v2.4 compile
by hyc＠symas.com 19 Jun '16

19 Jun '16

Connor Taffe wrote: > Fixed, attached is a patch. I'm a bit concerned that you're only checking for the existence of LIBRESSL instead of actually comparing the version number. Since the OpenSSL change is based on their v1.1 API, do you know if/when LibreSSL plans to adopt the new API? > On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc(a)symas.com > <mailto:hyc@symas.com>> wrote: > > cpaynetaffe(a)gmail.com <mailto:cpaynetaffe@gmail.com> wrote: > > Full_Name: Connor Taffe > > Version: master > > OS: Ubuntu devel > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (50.25.160.41) > > > > > > Compiling against LibreSSL v2.4.1 failed linking with SSL_CTX_up_ref and > > X509_NAME_get0_der undefined. I added checking if > LIBRESSL_VERSION_NUMBER to the > > same conditional compilation ifs that are defined for old versions of > OpenSSL. > > > > https://github.com/cptaffe/openldap > > Please read the Developer Guidelines. I'm not going to pull an arbitrary repo > to find someone's patch. > > http://www.openldap.org/devel/contributing.html > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

Re: (ITS#8445) LibreSSL v2.4 compile
by cpaynetaffe＠gmail.com 19 Jun '16

19 Jun '16

--001a113eeb0acc108f0535abc1d3 Content-Type: multipart/alternative; boundary=001a113eeb0acc10860535abc1d1 --001a113eeb0acc10860535abc1d1 Content-Type: text/plain; charset=UTF-8 Fixed, attached is a patch. On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <hyc(a)symas.com> wrote: > cpaynetaffe(a)gmail.com wrote: > > Full_Name: Connor Taffe > > Version: master > > OS: Ubuntu devel > > URL: ftp://ftp.openldap.org/incoming/ > > Submission from: (NULL) (50.25.160.41) > > > > > > Compiling against LibreSSL v2.4.1 failed linking with SSL_CTX_up_ref and > > X509_NAME_get0_der undefined. I added checking if > LIBRESSL_VERSION_NUMBER to the > > same conditional compilation ifs that are defined for old versions of > OpenSSL. > > > > https://github.com/cptaffe/openldap > > Please read the Developer Guidelines. I'm not going to pull an arbitrary > repo > to find someone's patch. > > http://www.openldap.org/devel/contributing.html > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ > --001a113eeb0acc10860535abc1d1 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">Fixed, attached is a patch.<br><br><div class=3D"gmail_quo= te"><div dir=3D"ltr">On Sun, Jun 19, 2016 at 8:02 PM Howard Chu <<a href= =3D"mailto:hyc@symas.com">hyc(a)symas.com</a>> wrote:<br></div><blockquote= class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc soli= d;padding-left:1ex"><a href=3D"mailto:cpaynetaffe@gmail.com" target=3D"_bla= nk">cpaynetaffe(a)gmail.com</a> wrote:<br> > Full_Name: Connor Taffe<br> > Version: master<br> > OS: Ubuntu devel<br> > URL: <a href=3D"ftp://ftp.openldap.org/incoming/" rel=3D"noreferrer" t= arget=3D"_blank">ftp://ftp.openldap.org/incoming/</a><br> > Submission from: (NULL) (50.25.160.41)<br> ><br> ><br> > Compiling against LibreSSL v2.4.1 failed linking with SSL_CTX_up_ref a= nd<br> > X509_NAME_get0_der undefined. I added checking if LIBRESSL_VERSION_NUM= BER to the<br> > same conditional compilation ifs that are defined for old versions of = OpenSSL.<br> ><br> > <a href=3D"https://github.com/cptaffe/openldap" rel=3D"noreferrer" tar= get=3D"_blank">https://github.com/cptaffe/openldap</a><br> <br> Please read the Developer Guidelines. I'm not going to pull an arbitrar= y repo<br> to find someone's patch.<br> <br> <a href=3D"http://www.openldap.org/devel/contributing.html" rel=3D"noreferr= er" target=3D"_blank">http://www.openldap.org/devel/contributing.html</a><b= r> <br> --<br> =C2=A0 =C2=A0-- Howard Chu<br> =C2=A0 =C2=A0CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a hr= ef=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www= .symas.com</a><br> =C2=A0 =C2=A0Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://hi= ghlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun= .com/hyc/</a><br> =C2=A0 =C2=A0Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap= .org/project/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org= /project/</a><br> </blockquote></div></div> --001a113eeb0acc10860535abc1d1-- --001a113eeb0acc108f0535abc1d3 Content-Type: text/x-patch; charset=US-ASCII; name="fix-libressl.patch" Content-Disposition: attachment; filename="fix-libressl.patch" Content-Transfer-Encoding: base64 Content-ID: <1556b74d65e98bc2a261> X-Attachment-Id: 1556b74d65e98bc2a261 RnJvbSBkNWRjNTcwMTJkYmYwMGM3NWVkY2ZmNjM2ODdlZmIwNjhjZWU0NDQ4IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBDb25ub3IgVGFmZmUgPGNwYXluZXRhZmZlQGdtYWlsLmNvbT4K RGF0ZTogU3VuLCAxOSBKdW4gMjAxNiAwMzo0NToyOSAtMDUwMApTdWJqZWN0OiBbUEFUQ0ggMS8y XSBSZW1vdmUgZnVuY3Rpb24gY2FsbHMgZm9yIExpYnJlU1NMIGNvbXBhdGFiaWxpdHkKClJlbW92 ZWQgY2FsbHMgdG8gWDUwOV9OQU1FX2dldDBfZGVyIGFuZCBTU0xfQ0VSVF91cF9yZWYgd2hlbgpM SUJSRVNTTF9WRVJTSU9OX05VTUJFUiBpcyBkZWZpbmVkLgpVc2VzIHNhbWUgY29tcGF0YWJpbGl0 eSBtZWNoYW5pc20gYXMgZm9yIG9sZCB2ZXJzaW9ucyBvZiBPcGVuU1NMLgotLS0KIGxpYnJhcmll cy9saWJsZGFwL3Rsc19vLmMgfCAxMSArKysrKysrLS0tLQogMSBmaWxlIGNoYW5nZWQsIDcgaW5z ZXJ0aW9ucygrKSwgNCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9saWJyYXJpZXMvbGlibGRh cC90bHNfby5jIGIvbGlicmFyaWVzL2xpYmxkYXAvdGxzX28uYwppbmRleCBlMWI3ZDQ4Li44Zjk1 ZTRiIDEwMDY0NAotLS0gYS9saWJyYXJpZXMvbGlibGRhcC90bHNfby5jCisrKyBiL2xpYnJhcmll cy9saWJsZGFwL3Rsc19vLmMKQEAgLTE4OSw3ICsxODksOCBAQCBzdGF0aWMgdm9pZAogdGxzb19j dHhfcmVmKCB0bHNfY3R4ICpjdHggKQogewogCXRsc29fY3R4ICpjID0gKHRsc29fY3R4ICopY3R4 OwotI2lmIE9QRU5TU0xfVkVSU0lPTl9OVU1CRVIgPCAweDEwMTAwMDAwCisvLyBMaWJyZVNTTCAo YXMgb2YgdjIuNC4xKSAgZG9lc24ndCBkZWZpbmUgU1NMX0NUWF91cF9yZWYKKyNpZiBPUEVOU1NM X1ZFUlNJT05fTlVNQkVSIDwgMHgxMDEwMDAwMCB8fCBMSUJSRVNTTF9WRVJTSU9OX05VTUJFUgog I2RlZmluZQlTU0xfQ1RYX3VwX3JlZihjdHgpCUNSWVBUT19hZGQoICYoY3R4LT5yZWZlcmVuY2Vz KSwgMSwgQ1JZUFRPX0xPQ0tfU1NMX0NUWCApCiAjZW5kaWYKIAlTU0xfQ1RYX3VwX3JlZiggYyAp OwpAQCAtNDczLDE0ICs0NzQsMTUgQEAgdGxzb19zZXNzaW9uX215X2RuKCB0bHNfc2Vzc2lvbiAq c2Vzcywgc3RydWN0IGJlcnZhbCAqZGVyX2RuICkKIAlpZiAoIXgpIHJldHVybiBMREFQX0lOVkFM SURfQ1JFREVOVElBTFM7CiAJCiAJeG4gPSBYNTA5X2dldF9zdWJqZWN0X25hbWUoeCk7Ci0jaWYg T1BFTlNTTF9WRVJTSU9OX05VTUJFUiA8IDB4MTAxMDAwMDAKKy8vIExpYnJlU1NMIChhcyBvZiB2 Mi40LjEpIGRvZXNuJ3QgZGVmaW5lIFg1MDlfTkFNRV9nZXQwX2RlcgorI2lmIE9QRU5TU0xfVkVS U0lPTl9OVU1CRVIgPCAweDEwMTAwMDAwIHx8IExJQlJFU1NMX1ZFUlNJT05fTlVNQkVSCiAJZGVy X2RuLT5idl9sZW4gPSBpMmRfWDUwOV9OQU1FKCB4biwgTlVMTCApOwogCWRlcl9kbi0+YnZfdmFs ID0geG4tPmJ5dGVzLT5kYXRhOwogI2Vsc2UKIAl7CiAJCXNpemVfdCBsZW4gPSAwOwogCQlkZXJf ZG4tPmJ2X3ZhbCA9IE5VTEw7Ci0JCVg1MDlfTkFNRV9nZXQwX2RlciggKGNvbnN0IHVuc2lnbmVk IGNoYXIgKiopJmRlcl9kbi0+YnZfdmFsLCAmbGVuLCB4biApOworCVg1MDlfTkFNRV9nZXQwX2Rl ciggKGNvbnN0IHVuc2lnbmVkIGNoYXIgKiopJmRlcl9kbi0+YnZfdmFsLCAmbGVuLCB4biApOwog CQlkZXJfZG4tPmJ2X2xlbiA9IGxlbjsKIAl9CiAjZW5kaWYKQEAgLTUwOSw3ICs1MTEsOCBAQCB0 bHNvX3Nlc3Npb25fcGVlcl9kbiggdGxzX3Nlc3Npb24gKnNlc3MsIHN0cnVjdCBiZXJ2YWwgKmRl cl9kbiApCiAJCXJldHVybiBMREFQX0lOVkFMSURfQ1JFREVOVElBTFM7CiAKIAl4biA9IFg1MDlf Z2V0X3N1YmplY3RfbmFtZSh4KTsKLSNpZiBPUEVOU1NMX1ZFUlNJT05fTlVNQkVSIDwgMHgxMDEw MDAwMAorLy8gTGlicmVTU0wgKGFzIG9mIHYuMi40LjEpIGRvZXNuJ3QgZGVmaW5lIFg1MDlfTkFN RV9nZXQwX2RlcgorI2lmIE9QRU5TU0xfVkVSU0lPTl9OVU1CRVIgPCAweDEwMTAwMDAwIHx8IExJ QlJFU1NMX1ZFUlNJT05fTlVNQkVSCiAJZGVyX2RuLT5idl9sZW4gPSBpMmRfWDUwOV9OQU1FKCB4 biwgTlVMTCApOwogCWRlcl9kbi0+YnZfdmFsID0geG4tPmJ5dGVzLT5kYXRhOwogI2Vsc2UKLS0g CjIuOS4wCgoKRnJvbSA0NWZmMTQyODA5YjdlZGVjZDlmMTU0OTA1MmVjNWE3NjQ4ZGY4ZDBkIE1v biBTZXAgMTcgMDA6MDA6MDAgMjAwMQpGcm9tOiBDb25ub3IgVGFmZmUgPGNwYXluZXRhZmZlQGdt YWlsLmNvbT4KRGF0ZTogU3VuLCAxOSBKdW4gMjAxNiAyMDoyNzoxNyAtMDUwMApTdWJqZWN0OiBb UEFUQ0ggMi8yXSBGaXggd2hpdGVzcGFjZSBpbmFkdmVydGVudGx5IGZ1Y2tlZCB1cAoKLS0tCiBs aWJyYXJpZXMvbGlibGRhcC90bHNfby5jIHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0 aW9uKCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvbGlicmFyaWVzL2xpYmxkYXAvdGxz X28uYyBiL2xpYnJhcmllcy9saWJsZGFwL3Rsc19vLmMKaW5kZXggOGY5NWU0Yi4uMDk0ODZlNyAx MDA2NDQKLS0tIGEvbGlicmFyaWVzL2xpYmxkYXAvdGxzX28uYworKysgYi9saWJyYXJpZXMvbGli bGRhcC90bHNfby5jCkBAIC00ODIsNyArNDgyLDcgQEAgdGxzb19zZXNzaW9uX215X2RuKCB0bHNf c2Vzc2lvbiAqc2Vzcywgc3RydWN0IGJlcnZhbCAqZGVyX2RuICkKIAl7CiAJCXNpemVfdCBsZW4g PSAwOwogCQlkZXJfZG4tPmJ2X3ZhbCA9IE5VTEw7Ci0JWDUwOV9OQU1FX2dldDBfZGVyKCAoY29u c3QgdW5zaWduZWQgY2hhciAqKikmZGVyX2RuLT5idl92YWwsICZsZW4sIHhuICk7CisJCVg1MDlf TkFNRV9nZXQwX2RlciggKGNvbnN0IHVuc2lnbmVkIGNoYXIgKiopJmRlcl9kbi0+YnZfdmFsLCAm bGVuLCB4biApOwogCQlkZXJfZG4tPmJ2X2xlbiA9IGxlbjsKIAl9CiAjZW5kaWYKLS0gCjIuOS4w Cgo= --001a113eeb0acc108f0535abc1d3--

1 0

Re: (ITS#8445) LibreSSL v2.4 compile
by hyc＠symas.com 19 Jun '16

19 Jun '16

cpaynetaffe(a)gmail.com wrote: > Full_Name: Connor Taffe > Version: master > OS: Ubuntu devel > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (50.25.160.41) > > > Compiling against LibreSSL v2.4.1 failed linking with SSL_CTX_up_ref and > X509_NAME_get0_der undefined. I added checking if LIBRESSL_VERSION_NUMBER to the > same conditional compilation ifs that are defined for old versions of OpenSSL. > > https://github.com/cptaffe/openldap Please read the Developer Guidelines. I'm not going to pull an arbitrary repo to find someone's patch. http://www.openldap.org/devel/contributing.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

1 0

(ITS#8445) LibreSSL v2.4 compile
by cpaynetaffe＠gmail.com 19 Jun '16

19 Jun '16

Full_Name: Connor Taffe Version: master OS: Ubuntu devel URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (50.25.160.41) Compiling against LibreSSL v2.4.1 failed linking with SSL_CTX_up_ref and X509_NAME_get0_der undefined. I added checking if LIBRESSL_VERSION_NUMBER to the same conditional compilation ifs that are defined for old versions of OpenSSL. https://github.com/cptaffe/openldap

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs