Full_Name: Daniel Jonathan Kurtz
Version: 2.4.45
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2401:fa00:1:b:dcfc:ce39:b80:8f26)

openldap 2.4.45 fails to link when built against openssl 1.1 built w/ the default "no-egd" option:
libtool: link: x86_64-cros-linux-gnu-clang -O2 -pipe -O2 -pipe -march=corei7 -g -fno-exceptions -fno-unwind-tables -fno-asynchronous-unwind-tables -clang-syntax -Wl,-O1 -Wl,-O2 -Wl,--as-needed -o .libs/ltest test.o ./.libs/libldap.so libraries/liblber/.libs/liblber.so ../../libraries/liblber/.libs/liblber.so ../../libraries/liblutil/liblutil.a -lssl -lcrypto -lresolv
./.libs/libldap.so: error: undefined reference to 'RAND_egd'

RAND_egd does not exist because OpenSSL was built with the default settings, which, as of 1.1, have "EGD" disabled by default [0].
[0] 0423f812dc Add a no-egd option to disable EGD-related code
  *) EGD is no longer supported by default; use enable-egd when configuring. [Ben Kaduk and Rich Salz]
The RAND_egd reference is in libraries/libldap/tls_o.c:

    static int
    tlso_seed_PRNG( const char *randfile )
    {
    #ifndef URANDOM_DEVICE
        /* no /dev/urandom (or equiv) */
        long total=0;
        char buffer[MAXPATHLEN];

        if (randfile == NULL) {
            /* The seed file is $RANDFILE if defined, otherwise $HOME/.rnd.
             * If $HOME is not set or buffer too small to hold the pathname,
             * an error occurs. - From RAND_file_name() man page.
             * The fact is that when $HOME is NULL, .rnd is used.
             */
            randfile = RAND_file_name( buffer, sizeof( buffer ) );

        } else if (RAND_egd(randfile) > 0) {
            /* EGD socket */
            return 0;
        }

        if (randfile == NULL) {
            Debug( LDAP_DEBUG_ANY,
                "TLS: Use configuration file or $RANDFILE to define seed PRNG\n",
                0, 0, 0);
            return -1;
        }
        ...

It seems like we should be able to make the "else if (RAND_egd(randfile) > 0)" block conditional on "#if !defined(OPENSSL_NO_EGD)" to work around this issue.
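
Added example (not part of the original report and not OpenLDAP's code): a self-contained sketch of where such a guard sits in the branch, and what a configured EGD socket path turns into once the branch is compiled out. pick_seed_source, demo_file_name, demo_egd and the sample paths are hypothetical stand-ins for the OpenSSL calls, so the file builds without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Mimics an OpenSSL configured with no-egd; delete to compile the EGD branch. */
#define OPENSSL_NO_EGD 1

enum seed_source { SEED_FAIL = -1, SEED_EGD = 0, SEED_FILE = 1 };

/* Constructed stand-in for RAND_file_name(): default seed file, or NULL
 * when the buffer cannot hold it. */
static const char *demo_file_name(char *buf, size_t len) {
    static const char def[] = ".rnd";
    if (len < sizeof def) return NULL;
    memcpy(buf, def, sizeof def);
    return buf;
}

#ifndef OPENSSL_NO_EGD
/* Constructed stand-in for RAND_egd(): pretend paths under /var/run/egd answer. */
static int demo_egd(const char *path) {
    return strncmp(path, "/var/run/egd", 12) == 0 ? 255 : -1;
}
#endif

/* Hypothetical helper with the same branch layout as the quoted function:
 * reports which seed source would be used and stores its path in *chosen. */
enum seed_source pick_seed_source(const char *randfile, char *buf, size_t len,
                                  const char **chosen) {
    if (randfile == NULL) {
        randfile = demo_file_name(buf, len);
#ifndef OPENSSL_NO_EGD
    } else if (demo_egd(randfile) > 0) {   /* EGD socket */
        *chosen = randfile;
        return SEED_EGD;
#endif
    }
    if (randfile == NULL) return SEED_FAIL;
    *chosen = randfile;                     /* treated as a seed file */
    return SEED_FILE;
}

int main(void) {
    char buf[64];
    const char *chosen = "";
    int rc = pick_seed_source("/var/run/egd-pool", buf, sizeof buf, &chosen);
    printf("rc=%d path=%s\n", rc, chosen);
    return 0;
}
```

With the guard active, a randfile setting that names an EGD socket is no longer probed and falls through to the seed-file path, so such configurations need a different seed source on no-egd builds.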