Backporting to stretch: OpenSSL versions mix

wferi at niif.hu wferi at niif.hu
Tue Mar 19 09:38:47 GMT 2019


Etienne Dysli Metref <etienne.dysli-metref at switch.ch> writes:

> Well this isn't going as smoothly as I had hoped... :/ I get a build
> failure just by changing the build dependency for xml-security-c to
> OpenSSL 1.0:
>
>> enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp: In member function 'virtual unsigned int OpenSSLCryptoKeyDSA::signBase64Signature(unsigned char*, unsigned int, char*, unsigned int) const': 
>> enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp:401:55: error: 'BN_bn2binpad' was not declared in this scope if (BN_bn2binpad(dsaSigR, rawSigBuf, DSAsigCompLen) <= 0) { ^ 
>> enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp:406:69: error: 'BN_bn2binpad' was not declared in this scope if (BN_bn2binpad(dsaSigS, rawSigBuf+DSAsigCompLen, DSAsigCompLen) <= 0) { ^
>> Makefile:3194: recipe for target 'enc/OpenSSL/libxml_security_c_la-OpenSSLCryptoKeyDSA.lo' failed

Try reverting c03764e9a6f1efe97053d1a1aa5a1a3a61a875d6.  Looks like that
fix requires OpenSSL 1.1.  Of course then you can expect occasional test
failures, so backporting it to OpenSSL 1.0 would be preferable.  This is
a rather shady part of the code, the discussion died off without
reaching conclusion.
-- 
Feri



More information about the Pkg-shibboleth-devel mailing list