--On Friday, February 23, 2018 5:07 PM +0000 Howard Chu hyc@symas.com wrote:

quanah@openldap.org wrote:

...

Full_Name: Quanah Gibson-Mount Version: HEAD OS: N/A URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (47.208.148.239)

When attempting to link OpenLDAP to OpenSSL 1.0.2 series, where OpenSSL has been built with deprecated API's disabled, the build will fail. This is because RSA_F4 is deprecated in 1.0.2. In master, this is around line 1367:

# if OPENSSL_VERSION_NUMBER < 0x10100000 static RSA * tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )

...

This function needs to check < 1.0.2 rather than < 1.1

That would only be true if the RSA callback is not needed at all in 1.0.2. Is that true?

Not sure. Exact error is in RE24 is:

tls_o.c:1184:25: error: 'RSA_F4' undeclared (first use in this function) if ( BN_set_word( bn, RSA_F4 )) {

so it dies before we get to the RSA_generate_key_ex function itself.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com