Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 245934

Summary: dev-libs/openssl with app-crypt/heimdal - compatibility issue
Product: Gentoo Linux Reporter: Michael Hammer (RETIRED) <mueli>
Component: New packagesAssignee: Gentoo Kerberos Maintainers <kerberos>
Status: RESOLVED WONTFIX    
Severity: normal CC: 4glitch, base-system, dan
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: openssl-0.9.8i-heimdal-partial.patch
openssl-0.9.8i-heimdal-partial.patch

Description Michael Hammer (RETIRED) gentoo-dev 2008-11-07 09:31:09 UTC 
dev-libs/openssl won't compile with app-crypt/heimdal. As I am kerberos maintainer and not openssl maintainer I'd like to ask if upstream (or our openssl maintainer) is able to fix that issue?

greets, mueli
Comment 1 Honza Macháček 2008-11-23 14:48:36 UTC 
Created attachment 172942 [details, diff]
openssl-0.9.8i-heimdal-partial.patch

Only a partial Heimdal compatibility patch.

Several straightforward translations from the MIT to the Heimdal dialect done, but the part of kssl.c from TKT2tkt on not dealt with yet.

The TKT2tkt function uses a variable of krb5_ticket type, but the types of the same name in mit-krb5 and heimdal differ. The MIT type looks more like the Ticket type of Heimdal, but neither that can be directly substituted for krb5_ticket of mit-krb5. Possibly a deeper rewrite of the TKT2tkt or even kssl_sget_tkt function (apparently the only one using TKT2tkt) will be needed.
Comment 2 Honza Macháček 2008-11-24 21:01:05 UTC 
Created attachment 173273 [details, diff]
openssl-0.9.8i-heimdal-partial.patch

A small correction of my foolish mistake that broke compatibility with mit-krb5. Otherwise just the partial patch already reported, no advance yet.
Comment 3 SpanKY gentoo-dev 2008-11-28 04:34:12 UTC 
base-system has no plans to touch anything kerberos related.  if the kerberos guys want to handle it, then that sounds fine to me.

i dont see anything crazy in that patch.  feel free to add a openssl-0.9.8i-r1 with patch and associated DEPEND changes.
Comment 4 Michael Hammer (RETIRED) gentoo-dev 2008-12-06 09:19:51 UTC 
Hi!

Thx for your great work honza. The problem I see is the long term work because we would have to maintain the patch for each openssl release. At the end we might end in a situation like the sidebar patch in mutt ;)

The best would really be if upstream accepts the patch. @Honza: Would you be so kind and send the patch to openssl upstream? Have you already tried? If you do so - could you post a gmane link to the mailing thread?

g, mueli
Comment 5 Eray Aslan gentoo-dev 2010-08-18 19:45:30 UTC 
I am not going to accept this patch.  In the openssl case, patches really do need to be scrutinized closely and belong upstream.  Not enough eyeballs here.  Closing.