[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OpenLDAP uses crypt() of OpenSSL instead of system libraries (ITS#2123)



> -----Original Message-----
> From: Kervin L. Pierre [mailto:kervin@blueprint-tech.com]

> I know I'm going to annoy some people by saying this, I apologize in
> advance.  But this is definately an OpenLDAP bug.

I understand that you're trying to offer a helpful perspective, but you are
still wrong. "The OpenSSL library is defective" is a statement of fact, not
opinion.
>
> It is entirely reseanable for two libraries to export the
> same function
> name.  It is up to OpenLDAP's build environment to make sure
> it gets the
> function it expects.  Maybe by specifying the library link order.

No. That's called "namespace pollution" and 3rd party libraries are not
supposed to export functions that collide with libc.
>
> There should be an easier way to do this that to patch OpenSSL.

Try using OpenSSL 0.9.7beta, this bug has already been fixed in the newer
code so no patch is required. The fact that this collision is a problem for
more software than just OpenLDAP, and the fact that the OpenSSL team has
acknowledged the bug and fixed it in their newer code, also reiterates the
point. This is a known bug in the OpenSSL 0.9.6 libraries.
>
> How about the solution he suggested? ie. -lcrypt before
> -lcrypto in the
> makefiles
>
> We could also specify -lc before -lcrypto for platforms without a
> libcrypt maybe.

Juggling library link order is a hack, not a solution. It will also make
linking of 3rd party apps with libldap an unpredictable mess.

> hyc@highlandsun.com wrote:
> > The OpenSSL library is defective. See the FAQ-o-Matic.
> > http://www.openldap.org/faq/data/cache/185.html
> >
> > This is not an OpenLDAP bug, this issue will be closed.
> >
> >   -- Howard Chu
> >   Chief Architect, Symas Corp.       Director, Highland Sun
> >   http://www.symas.com               http://highlandsun.com/hyc
> >   Symas: Premier OpenSource Development and Support