On Wed, Aug 28, 2019 at 01:04:25AM +0000, [email protected] wrote: > The GnuTLS documentation states: >> Do not call this function from a library, or preferably from any application >> unless really needed to. > > I disobeyed that guidance in commit 829027945, because I wasn't sure that > GnuTLS's own threading support would cover all the platforms libldap does. > This > choice caused some bugs, e.g. <https://bugs.debian.org/803197> and > <https://www.openldap.org/its/?findid=8797>. > > I don't know how to find out for sure whether anyone builds libldap with > GnuTLS > on a system where it lacks native mutexes. I think at this point I would > rather > fix the known broken cases, over the risk of potentially breaking a > theoretical > setup I'm not sure actually exists. > > Therefore: I now propose applying this change for 2.5.
A similar change (making tlso_thr_init a no-op) has been introduced in ITS#8533 when compiling with OpenSSL 1.1.0+, so I gather it should be fine for GnuTLS as well. Regards, -- OndÅej KuznÃk Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
