Re: (ITS#8666) Fix build with LibreSSL - openldap-bugs

5 Jun 2017

Hi Howard,
On 2017-06-05 17:03 +0100, Howard Chu hyc@symas.com wrote:
...
pawel@FreeBSD.org wrote:
...
Full_Name: Pawe&amp;#322; P&amp;#281;kala
Version: 2.4.45
OS: FreeBSD 12-CURRENT
URL: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219781
Submission from: (NULL) (62.141.192.76)
=20
No. LibreSSL should not be hijacking OPENSSL_VERSION_NUMBER macros,
especially if it doesn't actually implement the features of those
versions.
First off let me clarify first that I'm not representing LibreSSL
project, this is my opinion as a outsider. From my point of view they
are keeping OPENSSL_VERSION_NUMBER for backwards compatibility not
forwards, from their openssl/opensslv.h:
* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x2050400fL
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.5.4"
/* These will never change */
#define OPENSSL_VERSION_NUMBER  0x20000000L
...
...
Latest version fails to build with LibreSSL. Following patch fixes
issue for me:

--- libraries/libldap/tls_o.c.orig	2017-06-04 16:31:28 UTC
+++ libraries/libldap/tls_o.c
@@ -47,7 +47,7 @@
 #include <ssl.h>
 #endif
-#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
+#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
&& !defined(LIBRESSL_VERSION_NUMBER) #define
ASN1_STRING_data(x)	ASN1_STRING_get0_data(x) #endif
@@ -157,7 +157,7 @@ tlso_init( void )
   (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
 #endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
defined(LIBRESSL_VERSION_NUMBER) SSL_load_error_strings();
   SSL_library_init();
   OpenSSL_add_all_digests();
@@ -205,7 +205,7 @@ static void
 tlso_ctx_ref( tls_ctx *ctx )
 {
   tlso_ctx *c =3D (tlso_ctx *)ctx;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
defined(LIBRESSL_VERSION_NUMBER) #define
SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1,
CRYPTO_LOCK_SSL_CTX ) #endif
   SSL_CTX_up_ref( c );
@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct
berval * if (!x) return LDAP_INVALID_CREDENTIALS;
 =09
   xn =3D X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len =3D i2d_X509_NAME( xn,
NULL ); der_dn->bv_val =3D xn->bytes->data;
 #else
@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct
berval return LDAP_INVALID_CREDENTIALS;
xn =3D X509_get_subject_name(x);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
defined(LIBRESSL_VERSION_NUMBER) der_dn->bv_len =3D i2d_X509_NAME( xn,
NULL ); der_dn->bv_val =3D xn->bytes->data;
 #else
@@ -721,7 +721,7 @@ struct tls_data {
   Sockbuf_IO_Desc		*sbiod;
 };
-#if OPENSSL_VERSION_NUMBER < 0x10100000
+#if OPENSSL_VERSION_NUMBER < 0x10100000 ||
defined(LIBRESSL_VERSION_NUMBER) #define BIO_set_init(b, x)
b->init =3D x #define BIO_set_data(b, x)	b->ptr =3D x
 #define BIO_clear_flags(b, x)	b->flags &=3D ~(x)
@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
   return tlso_bio_write( b, str, strlen( str ) );
 }
-#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
+#if OPENSSL_VERSION_NUMBER >=3D 0x10100000
&& !defined(LIBRESSL_VERSION_NUMBER) struct bio_method_st {
     int type;
     const char *name;
=20
--=20
pozdrawiam / with regards
Pawe=C5=82 P=C4=99kala

    