Well, if you are going to ignore the port maintainer who actually has this working already, then just be careful with your MDB files if you are trying to build without the patches that are in ports.
On 2021/06/26 19:39, C. G. wrote: > There must be a problem about the OpenLDAP package build against LibreSSL. I > can see on Google > that there are several cases of issues with OpenLDAP building against > LibreSSL. I will try to > build from source without using the OpenBSD ports and will come back later. > > I'm pretty sure the OpenLDAP package nor the port hes no LibreSSL support. > ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ > De : Stuart Henderson <s...@spacehopper.org> > Envoyé : samedi 26 juin 2021 18:11 > À : C. G. <idxtra...@hotmail.com> > Cc : bugs@openbsd.org <bugs@openbsd.org> > Objet : Re: Unable to make OpenLDAP work with TLS > > On 2021/06/26 12:51, C. G. wrote: > > I think it's a LIbreSSL-related issue, because I did the same exact > > config procedure on Ubuntu, CentOS, FreeBSD, OmniOS, and it worked, > > and on the only OS that uses LibreSSL, it doesn't work. > > What can I say; I am running OpenLDAP 2.4.58 slapd on OpenBSD 6.9 and it > works for me with TLSv1.3 connections, so there clearly is a way to do it. > > > It's untolerable that the "most secure OS on the planet" isn't able to > > use encrypted connections with TLS 1.3 in Apache and OpenLDAP during a > > full release, I mean, that's not serious. LibreSSL just breaks things, > > to my POV. > > Don't tolerate then; you are free to either debug the issue or use > another OS if OpenBSD doesn't suit you. Nobody is forcing you to use it. > > Apache httpd will not support TLSv1.3 itself with the current version of > libressl. Hopefully that will change soon but if that is a show stopper > and you don't want an alternative (e.g. offload the TLS to a reverse > proxy) then OpenBSD isn't suitable for you at this time. >
