[email protected] wrote: > Full_Name: Mitchell Blank > Version: 2.4.43 > OS: linux > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (80.169.198.86) > > > Recently a couple alpha releases for OpenSSL 1.1.X have been posted on > www.openssl.org with the request that software be tested against them prior to > release.
Thanks for the report. There are clearly 2 issues the OpenSSL folks will have to resolve before this will work. https://mta.openssl.org/pipermail/openssl-dev/2016-January/004362.html https://mta.openssl.org/pipermail/openssl-dev/2016-January/004365.html > > I tried compiling the most recent OpenLDAP against it, but it failed. One of > the overarching changes that OpenSSL is making is that many of its datatypes > are > now only visible as opaque pointers (in other words, their layout and size are > considered private to OpenSSL itself) > > This caused the following compile errors in tls_o.c: > >> openldap-2.4.43/libraries/libldap/tls_o.c: In function âtlso_ctx_refâ: >> openldap-2.4.43/libraries/libldap/tls_o.c:199:20: error: dereferencing >> pointer > to incomplete type >> CRYPTO_add( &c->references, 1, CRYPTO_LOCK_SSL_CTX ); >> ^ >> openldap-2.4.43/libraries/libldap/tls_o.c: In function >> âtlso_session_my_dnâ: >> openldap-2.4.43/libraries/libldap/tls_o.c:451:21: error: dereferencing >> pointer > to incomplete type > der_dn->bv_val = xn->bytes->data; >> ^ >> openldap-2.4.43/libraries/libldap/tls_o.c: In function > âtlso_session_peer_dnâ: >> openldap-2.4.43/libraries/libldap/tls_o.c:478:21: error: dereferencing >> pointer > to incomplete type > der_dn->bv_val = xn->bytes->data; >> ^ >> openldap-2.4.43/libraries/libldap/tls_o.c: In function > âtlso_session_chkhostâ: >> openldap-2.4.43/libraries/libldap/tls_o.c:618:21: error: dereferencing >> pointer > to incomplete type >> if ( !OBJ_cmp( ne->object, obj )) { >> ^ > > > The last one can probably be replaced with a X509_NAME_ENTRY_get_object() > call. > I don't know enough about the X509_NAME API to know how to fix the > ->bytes->data > ones. > > For what it's worth, there were also a couple deprecated warnings: > >> openldap-2.4.43/libraries/libldap/tls_o.c:179:2: warning: >> âERR_remove_stateâ > is deprecated >> openldap-2.4.43/libraries/libldap/tls_o.c:1251:3: warning: > âDH_generate_parametersâ is deprecated > > Right now this isn't super urgency, but within a couple months OpenSSL 1.1.0 > is > expected to be released and suddenly a lot more people will be hitting this > issue. > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
