[38623] in Kerberos
Re: support for libressl 2.9
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Nov 6 00:47:50 2019
To: Jerry <jerryyhom@gmail.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <9e7d361b-1528-511d-fb35-fdbd1ebcd10d@mit.edu>
Date: Wed, 6 Nov 2019 00:47:23 -0500
MIME-Version: 1.0
In-Reply-To: <c3312b61-06b3-9953-f7df-422bb305bcdf@gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 11/5/19 8:41 PM, Jerry wrote:
> Hi. I am trying to compile Kerberos v1.17 with LibreSSL 2.9.x, but I
> get error messages about not finding the header file 'asn1_mac.h'. In
> LibreSSL 2.9.0, that header file was removed. I tried a few obvious
> tricks with the #if #include options but encountered other errors. Is
> there a patch to allow Kerberos to compile with LibreSSL?
That's a little odd. asn1_mac.h is only included from
pkinit_crypto_openssl.h, conditionally:
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/asn1t.h>
#else
#include <openssl/asn1_mac.h>
#endif
LibreSSL defines OPENSSL_VERSION_NUMBER as 0x20000000L (a somewhat
contentious choice, but not for this particular reason). So I'm not
sure why you're seeing the code trying to include asn1_mac.h.
Regardless, we don't test against LibreSSL, but you might try the
patches from the FreeBSD port:
https://github.com/freebsd/freebsd-ports/tree/master/security/krb5-117/files
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
