On Wed, Aug 28, 2019 at 01:04:25AM +0000, ryan(a)openldap.org wrote:
The GnuTLS documentation states:
> Do not call this function from a library, or preferably from any application
> unless really needed to.
I disobeyed that guidance in commit 829027945, because I wasn't sure that
GnuTLS's own threading support would cover all the platforms libldap does. This
choice caused some bugs, e.g. <https://bugs.debian.org/803197>
I don't know how to find out for sure whether anyone builds libldap with GnuTLS
on a system where it lacks native mutexes. I think at this point I would rather
fix the known broken cases, over the risk of potentially breaking a theoretical
setup I'm not sure actually exists.
Therefore: I now propose applying this change for 2.5.
A similar change (making tlso_thr_init a no-op) has been introduced in
ITS#8533 when compiling with OpenSSL 1.1.0+, so I gather it should be
fine for GnuTLS as well.
Senior Software Engineer
Symas Corporation http://www.symas.com
Packaged, certified, and supported LDAP solutions powered by OpenLDAP