ryan@nardis.ca wrote:
Full_Name: Ryan Tandy
Version: HEAD
OS: Debian unstable
URL:
Submission from: (NULL) (142.32.208.235)
Debian bug report: https://bugs.debian.org/745231
Quoting Andreas Metzler:
"given that gmp has been dual-licensed LGPLv3+/GPLv2+ it should be possible to switch openldap over to the newer version of gnutls.
Upstream's 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 lets the Debian package build successfully (including testsuite).
The only reason GnuTLS support exists in OpenLDAP is because of Debian. Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that crap out. There's no reason for us to even keep optional support for it because that gives the mistaken impression that we endorse its use. Which we most vehemently do not.
However, even with the patch there is still some work to be done. libraries/libldap/tls_g.c has some gcrypt related code that should be simply unnecessary with gnutls3, therefore it should not link against libgcrypt either. (Except for contrib/slapd-modules/smbk5pwd/smbk5pwd.c)."
The following changes make gcrypt optional for libldap. For versions where both nettle and gcrypt are supported, I assume the default since no mechanism is provided for detecting which is actually in use.
Yet another flaw in GnuTLS design...
Tested with GnuTLS 2.8.6 and 3.2.15.