[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8533) Support OpenSSL-1.1.0c

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8533) Support OpenSSL-1.1.0c
From: hyc@symas.com
Date: Thu, 06 Apr 2017 00:02:45 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

quanah@symas.com wrote:
> --On Wednesday, April 05, 2017 11:12 PM +0000 quanah@symas.com wrote:
>
>>> The following 5 function calls are problematic:
>>>
>>> ./.libs/libldap.so: undefined reference to `OpenSSL_add_all_digests'
>>> ./.libs/libldap.so: undefined reference to `SSL_load_error_strings'
>>> ./.libs/libldap.so: undefined reference to `ERR_free_strings'
>>> ./.libs/libldap.so: undefined reference to `EVP_cleanup'
>>> ./.libs/libldap.so: undefined reference to `SSL_library_init'
>
> The above can be fixed with the following patch:
>
> build@u12build:~/git/symas-packages/thirdparty/openldap/build/UBUNTU12_64/symas-openldap/libraries/libldap$
> diff -u tls_o.c.orig tls_o.c
> --- tls_o.c.orig        2017-04-05 14:40:02.849559862 -0700
> +++ tls_o.c     2017-04-05 15:13:09.371718493 -0700
> @@ -154,9 +154,16 @@
>         (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
>  #endif
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000

Are you sure about exactly when these functions were removed? The title of 
this ITS is for 1.1.0c, and the earlier patches were for 1.1.0a. For version 
1.1.0c we should be comparing to 0x1010003f, not 0x10100000.

>         SSL_load_error_strings();
>         SSL_library_init();
>         OpenSSL_add_all_digests();
> +#else
> +       OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
> +               | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
> +       OPENSSL_init_ssl(0, NULL);
> +       OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
> +#endif
>
>         /* FIXME: mod_ssl does this */
>         X509V3_add_standard_extensions();
> @@ -172,6 +179,7 @@
>  {
>         struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000
>         EVP_cleanup();
>  #if OPENSSL_VERSION_NUMBER < 0x10000000
>         ERR_remove_state(0);
> @@ -179,6 +187,9 @@
>         ERR_remove_thread_state(NULL);
>  #endif
>         ERR_free_strings();
> +#else
> +       ERR_remove_thread_state(NULL);
> +#endif
>
>         if ( lo->ldo_tls_randfile ) {
>                 LDAP_FREE( lo->ldo_tls_randfile );
>
>
> --Quanah
>
>
> --
>
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
>
>
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#8533) Support OpenSSL-1.1.0c
Next by Date: Re: (ITS#8533) Support OpenSSL-1.1.0c
Index(es):
- Chronological
- Thread