[Dovecot] dovecot 1.2.6 fails to build with openssl < 0.9.8
The update of ssl_proxy_get_security_string() in dovecot 1.2.6 has broken compatibility with openssl < 0.9.8 (e.g. on RHEL4) because the functions SSL_COMP_get_name and SSL_get_current_compression don't exist until openssl 0.9.8 (build fails at link time due to these symbols being unresolved). I've worked around this by reverting the function to the 1.2.5 version for now but I think a better solution would be to have a configure test for these functions and only include the SSL compression details when they're available.
Cheers, Paul.
Am 07.10.2009 um 10:44 schrieb Paul Howarth:
I've worked around this by reverting the function to the 1.2.5 version for now but I think a better solution would be to have a configure test for these functions and only include the SSL compression details when they're available.
Which I believe was done here:
http://www.dovecot.org/list/dovecot/2009-October/043335.html
On Wed, 7 Oct 2009 10:52:14 +0200 Thomas Leuxner tlx@leuxner.net wrote:
Am 07.10.2009 um 10:44 schrieb Paul Howarth:
I've worked around this by reverting the function to the 1.2.5 version for now but I think a better solution would be to have a configure test for these functions and only include the SSL compression details when they're available.
Which I believe was done here:
http://www.dovecot.org/list/dovecot/2009-October/043335.html
My apologies; should have looked further down the archives before posting.
Paul.
On Wed, 7 Oct 2009 10:52:14 +0200 Thomas Leuxner tlx@leuxner.net wrote:
Am 07.10.2009 um 10:44 schrieb Paul Howarth:
I've worked around this by reverting the function to the 1.2.5 version for now but I think a better solution would be to have a configure test for these functions and only include the SSL compression details when they're available.
Which I believe was done here:
http://www.dovecot.org/list/dovecot/2009-October/043335.html
Which leads to: http://hg.dovecot.org/dovecot-1.2/rev/4add5c3f13ea
Actually the fix looks slightly wrong to me, and it'll dereference a NULL pointer in t_strdup_printf with openssl < 0.9.8. The setting of comp_str to NULL if HAVE_SSL_COMPRESSION is not set should be changed to setting comp_str to "" I believe.
Paul.
On Wed, 2009-10-07 at 10:51 +0100, Paul Howarth wrote:
Which leads to: http://hg.dovecot.org/dovecot-1.2/rev/4add5c3f13ea
Actually the fix looks slightly wrong to me, and it'll dereference a NULL pointer in t_strdup_printf with openssl < 0.9.8. The setting of comp_str to NULL if HAVE_SSL_COMPRESSION is not set should be changed to setting comp_str to "" I believe.
Right. Thanks. Fixed properly now:
http://hg.dovecot.org/dovecot-1.2/rev/0aa7357761a5
Although at least with Linux it wouldn't have crashed but instead just added "(null)" text.
participants (3)
-
Paul Howarth
-
Thomas Leuxner
-
Timo Sirainen