Re: lib/53675: ldaps appears to be broken

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,brad%anduin.eldar.org@localhost
Subject: Re: lib/53675: ldaps appears to be broken
From: Brad Spencer <brad%anduin.eldar.org@localhost>
Date: Thu, 8 Aug 2019 12:10:01 +0000 (UTC)

The following reply was made to PR lib/53675; it has been noted by GNATS.

From: Brad Spencer <brad%anduin.eldar.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: lib-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
Subject: Re: lib/53675: ldaps appears to be broken
Date: Thu, 08 Aug 2019 08:07:49 -0400

 coypu%sdf.org@localhost writes:

 > The following reply was made to PR lib/53675; it has been noted by GNATS.
 >
 > From: coypu%sdf.org@localhost
 > To: gnats-bugs%netbsd.org@localhost
 > Cc: 
 > Subject: Re: lib/53675: ldaps appears to be broken
 > Date: Tue, 6 Aug 2019 07:25:22 +0000
 >
 >  I recommend reporting this problem upstream.
 >  - Is the problem to do with too new OpenSSL, or to do with netbsd
 >    changes?
 >  
 >  Comparing to another OS that uses the same major version OpenSSL will be
 >  good (e.g. some of the up to date linuxes)
 >  

 I did some more work on this bug.

 I got a 9.0_BETA system built with a pkgsrc openldap which is compiled
 against the system libcrypto.so (1.1.1c) and it works fine with ldaps.
 This mostly leads me to conclude that the intree openldap version, which
 appears to be 2.4.45 (labeled 2.4.23), should be updated.  An
 alternative might be to set something like PREFER_PKGSRC=openldap-client
 when building packages, but that would still leave a broken intree set
 of ldap utilities.  As it stands right now anything built with pkgsrc
 that uses the ldap client and expects working TLS will fail.

 There are entries in the CHANGES file for openldap 2.4.47 (the pkgsrc
 version) that seem to indicate that support for OpenSSL >= 1.1.1a was
 added after 2.4.45.

 OpenLDAP 2.4.46 Release (2018/03/22)
 Fixed libldap OpenSSL 1.1.1 compatibility with BIO_method (ITS#8791)

 I won't have time in the near term, personally, to try and get a new
 version into the tree, but I highly advocate for this update.  I can
 probably test any changes.

 -- 
 Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS - http://anduin.eldar.org

Prev by Date: Re: lib/53675: ldaps appears to be broken
Next by Date: PR/54443 CVS commit: src/sys/external/bsd/ipf/netinet
Previous by Thread: Re: lib/53675: ldaps appears to be broken
Next by Thread: lib/53676: lib/libcurses/t_curses/background test case fails
Indexes:

Home | Main Index | Thread Index | Old Index