support for libressl 2.9

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

support for libressl 2.9

Jerry
Hi.  I am trying to compile Kerberos v1.17 with LibreSSL 2.9.x, but I
get error messages about not finding the header file 'asn1_mac.h'.  In
LibreSSL 2.9.0, that header file was removed.  I tried a few obvious
tricks with the #if #include options but encountered other errors.  Is
there a patch to allow Kerberos to compile with LibreSSL?
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: support for libressl 2.9

Greg Hudson
On 11/5/19 8:41 PM, Jerry wrote:
> Hi.  I am trying to compile Kerberos v1.17 with LibreSSL 2.9.x, but I
> get error messages about not finding the header file 'asn1_mac.h'.  In
> LibreSSL 2.9.0, that header file was removed.  I tried a few obvious
> tricks with the #if #include options but encountered other errors.  Is
> there a patch to allow Kerberos to compile with LibreSSL?

That's a little odd.  asn1_mac.h is only included from
pkinit_crypto_openssl.h, conditionally:

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
#include <openssl/asn1t.h>
#else
#include <openssl/asn1_mac.h>
#endif

LibreSSL defines OPENSSL_VERSION_NUMBER as 0x20000000L (a somewhat
contentious choice, but not for this particular reason).  So I'm not
sure why you're seeing the code trying to include asn1_mac.h.

Regardless, we don't test against LibreSSL, but you might try the
patches from the FreeBSD port:

https://github.com/freebsd/freebsd-ports/tree/master/security/krb5-117/files
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos