Full_Name: Quanah Gibson-Mount
Version: HEAD
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.239)


When attempting to link OpenLDAP to OpenSSL 1.0.2 series, where OpenSSL has been
built with deprecated API's disabled, the build will fail.  This is because
RSA_F4 is deprecated in 1.0.2.  In master, this is around line 1367:

#if OPENSSL_VERSION_NUMBER < 0x10100000
static RSA *
tlso_tmp_rsa_cb( SSL *ssl, int is_export, int key_length )
{
    RSA *tmp_rsa;
    /* FIXME:  Pregenerate the key on startup */
    /* FIXME:  Who frees the key? */
#if OPENSSL_VERSION_NUMBER >= 0x00908000
    BIGNUM *bn = BN_new();
    tmp_rsa = NULL;
    if ( bn ) {
        if ( BN_set_word( bn, RSA_F4 )) {
            tmp_rsa = RSA_new();
            if ( tmp_rsa && !RSA_generate_key_ex( tmp_rsa, key_length, bn, NULL
)) {
                RSA_free( tmp_rsa );
                tmp_rsa = NULL;
            }
        }
        BN_free( bn );
    }
#else
    tmp_rsa = RSA_generate_key( key_length, RSA_F4, NULL, NULL );
#endif

    if ( !tmp_rsa ) {
        Debug( LDAP_DEBUG_ANY,
            "TLS: Failed to generate temporary %d-bit %s RSA key\n",
            key_length, is_export ? "export" : "domestic", 0 );
    }
    return tmp_rsa;
}
#endif /* OPENSSL_VERSION_NUMBER < 1.1 */


This function needs to check < 1.0.2 rather than < 1.1

Reply via email to