Bug#263835: slapd: I'm working on the GnuTLS patch for OpenLDAP 2.2

2005-02-12 Thread Modestas Vainius
On Saturday, February 12, 2005, 01:53, you wrote:
Hi Torsten,

> You know that the OpenSSL compat layer has nearly identical issues to
> the OpenSSL lib itself? The old patch did not use it because of them.

The only problems I'm aware of are licensing issues. Compat layer is licensed
under GPL, isn't it? Are there any other issues?

Actually, compat layer is quite crappy by itself. I've just taken some ideas
from it.

> Nice! But as I said the compat layer will pose a problem. And - I am
> working on a patch for current OpenLDAP CVS as well together with
> somebody from univention.de. I'd rather use something I can fix instead
> of using third party code again and trying to keep it alive later.

What direction are you going? Are you rewriting tls.c and other parts of
OpenLDAP code implementing OpenSSL API or trying to simulate OpenSSL behavior
(produce compatibility layer)? I've gone the latter way although some
functions are almost impossible to simulate.

> Your help is of course very welcome, I'd like to join forces to get this
> up and running.

No problem. I could help.

> I could move my current working tree to svn.debian.org
> or something if needed.

This would be great.

Regards,
Modestas




Bug#263835: slapd: I'm working on the GnuTLS patch for OpenLDAP 2.2

2005-02-12 Thread Torsten Landschoff
Hi Modestas, 

On Sat, Feb 12, 2005 at 02:26:10PM +0200, Modestas Vainius wrote:
> > You know that the OpenSSL compat layer has nearly identical issues to
> > the OpenSSL lib itself? The old patch did not use it because of them.
> The only problems I'm aware of are licensing issues. Compat layer is licensed
> under GPL, isn't it? Are there any other issues?

I am not a lawyer. I only remember that debian-legal found out that we
can't link OpenLDAP against OpenSSL and that the GnuTLS compat layer is
also not a solution. 

Basically I don't think we need a compat layer anyway as tls.c is all in 
OpenLDAP that knows about TLS (not counting those few hacks in other
places) and it does not use much of OpenSSL. Therefore I think the best
idea is to just use GnuTLS directly.

> Actually, compat layer is quite crappy by itself. I've just taken some ideas
> from it.

Good.

> What direction are you going? Are you rewriting tls.c and other parts of
> OpenLDAP code implementing OpenSSL API or trying to simulate OpenSSL behavior
> (produce compatibility layer)? I've gone the latter way although some
> functions are almost impossible to simulate.

I am going the first way. I think simulating OpenSSL via GnuTLS creates
more problems than it solves. Therefore I am accessing GnuTLS directly.

> > Your help is of course very welcome, I'd like to join forces to get this
> > up and running.
> No problem. I could help.

Fine!

> > I could move my current working tree to svn.debian.org
> > or something if needed.
> This would be great.

Done. It is available at

svn://svn.debian.org/svn/pkg-openldap/projects/ldap-tls/trunk

I can enable write access if you got an alioth account. 

Greetings

Torsten




Bug#263835: slapd: I'm working on the GnuTLS patch for OpenLDAP 2.2

2005-02-11 Thread Modestas Vainius
Package: slapd
Version: 2.2.23-0.mdx.1
Followup-For: Bug #263835

Hello,

I want to announce that I'm working on the GnuTLS patch for OpenLDAP 2.2.
It is based on the current patch for OpenLDAP 2.1 and on the
OpenSSL compatibility layer from the GnuTLS library.

Here are the goals I'm trying to achieve:
* Thread-safe error handling
* Minimize patches to the OpenLDAP code to the bare minimum
* Compatibility with both OpenLDAP 2.1 and 2.2 (and probably future versions)
* Get rid of using obsolete/deprecated GnuTLS API
* Implement missing features in the 2.1 patch (such as SASL EXTERNAL
  support)

Currently, I'm at the testing/debugging stage. If everything goes well, the
initial version of the patch should be ready this weekend/next week.


-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.8-10-amd64-k8
Locale: LANG=lt_LT, LC_CTYPE=lt_LT (charmap=ISO-8859-13)

Versions of packages slapd depends on:
ii  coreutils [fil 5.2.1-2                   The GNU core utilities
ii  debconf        1.4.45                    Debian configuration management sy
ii  libc6          2.3.2.ds1-20.0.0.1.pure64 GNU C Library: Shared libraries an
ii  libdb4.2       4.2.52-18                 Berkeley v4.2 Database Libraries [
ii  libiodbc2      3.52.2-3                  iODBC Driver Manager
ii  libldap2.2     2.2.23-0.mdx.1            OpenLDAP libraries
ii  libltdl3       1.5.6-4                   A system independent dlopen wrappe
ii  libperl5.8     5.8.4-6                   Shared Perl library
ii  libsasl2       2.1.19-1.5                Authentication abstraction library
ii  libslp1        1.0.11a-1                 OpenSLP libraries
ii  libwrap0       7.6.dbs-6                 Wietse Venema's TCP wrappers libra
ii  perl [libmime- 5.8.4-6                   Larry Wall's Practical Extraction
ii  psmisc         21.5-1                    Utilities that use the proc filesy

-- debconf information excluded




Bug#263835: [debian-openldap] Bug#263835: slapd: I'm working on the GnuTLS patch for OpenLDAP 2.2

2005-02-11 Thread Stephen Frost
* Modestas Vainius ([EMAIL PROTECTED]) wrote:
> I want to announce that I'm working on the GnuTLS patch for OpenLDAP 2.2.
> It is based on the current patch for OpenLDAP 2.1 and on the
> OpenSSL compatibility layer from the GnuTLS library.
>
> Here are the goals I'm trying to achieve:
> * Thread-safe error handling
> * Minimize patches to the OpenLDAP code to the bare minimum
> * Compatibility with both OpenLDAP 2.1 and 2.2 (and probably future versions)
> * Get rid of using obsolete/deprecated GnuTLS API
> * Implement missing features in the 2.1 patch (such as SASL EXTERNAL
>   support)
>
> Currently, I'm at the testing/debugging stage. If everything goes well, the
> initial version of the patch should be ready this weekend/next week.

Awesome!  Very glad to hear it.  It'd be great if you could see about
getting upstream to incorporate your patch too.

Stephen




Bug#263835: slapd: I'm working on the GnuTLS patch for OpenLDAP 2.2

2005-02-11 Thread Torsten Landschoff
Hi Modestas, 

On Sat, Feb 12, 2005 at 12:57:31AM +0200, Modestas Vainius wrote:
> I want to announce that I'm working on the GnuTLS patch for OpenLDAP 2.2.
> It is based on the current patch for OpenLDAP 2.1 and on the
> OpenSSL compatibility layer from the GnuTLS library.

You know that the OpenSSL compat layer has nearly identical issues to
the OpenSSL lib itself? The old patch did not use it because of them.

> Here are the goals I'm trying to achieve:
> * Thread-safe error handling
> * Minimize patches to the OpenLDAP code to the bare minimum
> * Compatibility with both OpenLDAP 2.1 and 2.2 (and probably future versions)
> * Get rid of using obsolete/deprecated GnuTLS API
> * Implement missing features in the 2.1 patch (such as SASL EXTERNAL
>   support)
>
> Currently, I'm at the testing/debugging stage. If everything goes
> well, the initial version of the patch should be ready this
> weekend/next week.

Nice! But as I said the compat layer will pose a problem. And - I am
working on a patch for current OpenLDAP CVS as well together with
somebody from univention.de. I'd rather use something I can fix instead
of using third party code again and trying to keep it alive later. 

Your help is of course very welcome, I'd like to join forces to get this
up and running. I could move my current working tree to svn.debian.org
or something if needed.

I hope we can work out something reasonable and more stable than the
last patch. 

Thanks!

Torsten

