Full_Name: Ryan Tandy
OS: Debian unstable
Submission from: (NULL) (188.8.131.52)
Debian bug report: https://bugs.debian.org/745231
Quoting Andreas Metzler:
"given that gmp has been dual-licensed LGPLv3+/GPLv2+ it should be possible to
switch openldap over to the newer version of gnutls.
Upstream's 0205e83f4670d10ad3c6ae4b8fc5ec1d0c7020c0 lets the Debian package
build successfully (including testsuite).
The only reason GnuTLS support exists in OpenLDAP is because of Debian.
Therefore, if Debian no longer uses libgcrypt, I'm happy to rip all of that
crap out. There's no reason for us to even keep optional support for it
because that gives the mistaken impression that we endorse its use. Which we
most vehemently do not.
However even with patch there is still some work to be done.
libraries/libldap/tls_g.c has some gcrypt related code that should be simply
unnecessary with gnutls3, therefore it should not link against libgcrypt either.
(Except for contrib/slapd-modules/smbk5pwd/smbk5pwd.c)."
The following changes make gcrypt optional for libldap. For versions where both
nettle and gcrypt are supported, I assume the default since no mechanism is
provided for detecting which is actually in use.
Yet another flaw in GnuTLS design...
Tested with GnuTLS 2.8.6 and
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/