File a bug at http://bugs.php.net and someone will take a look.

Brian A. Seklecki wrote:
>
> Okay, problem fixed:
>
> 1) cd /usr/{ports,pkgsrc}/{net/php5-ldap,databases/php-ldap} on
> {Free,Net}BSD respectively
>
> 2) sudo make configure
>
> 3) sudo vim
> On FreeBSD
> work/php-5.0.4/ext/ldap/config.h or..
> work/php-4.4.0/ext/ldap/config.h
>
> on NetBSD:
> work/php-5.0.4/ext/ldap/config.h
>
> 4) Change:
> /* Define to 1 if you have the `ldap_start_tls_s' function. */
> /* #undef HAVE_LDAP_START_TLS_S */
>
> To:
>
> #define HAVE_LDAP_START_TLS_S 1
>
> 5) sudo make install
>
> 6) carry on pretending that your employee data is secure
>
> $ cat ~/public_html/testtls.php
> <?
>
> if (function_exists('ldap_start_tls'))
>     echo "I see it!\n";
>
> ?>
>
> [0] seklecki@blah:/$ php ~/public_html/testtls.php
> I see it!
>
> 7) ...sit around on your day off and try to determine how the following
> piece of code from configure.sh was [ever] supposed to determine if
> ldap_start_tls_s() was a valid function w/o including arguments
> -I/usr/local/include, -L/usr/local/lib to gcc(1) or #including ldap.h or
> lber.h, and wonder who is responsible >:}
>
> *cough*
>
> http://chora.php.net/diff.php/php-src/ext/ldap/config.m4?php=3c934ff67902f7c5ce419c901b82c77e&r1=1.23&r2=1.24&ty=h&num=10
>
>
> *cough* ... 8-) ...i dunno, maybe it "just works(r)" on Linux >:}
>
>
> | /* confdefs.h. */
> |
> | #define PACKAGE_NAME ""
> | #define PACKAGE_TARNAME ""
> | #define PACKAGE_VERSION ""
> | #define PACKAGE_STRING ""
> | #define PACKAGE_BUGREPORT ""
> | #define COMPILE_DL_LDAP 1
> | #define HAVE_LDAP 1
> | #define HAVE_3ARG_SETREBINDPROC 1
> | /* end confdefs.h. */
> | /* Define ldap_start_tls_s to an innocuous variant, in case <limits.h>
> declares ldap_start_tls_s.
> | For example, HP-UX 11i <limits.h> declares gettimeofday. */
> | #define ldap_start_tls_s innocuous_ldap_start_tls_s
> | /* System header to define __stub macros and hopefully few prototypes,
> | which can conflict with char ldap_start_tls_s (); below.
> | Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
> | <limits.h> exists even on freestanding compilers. */
> |
> | #ifdef __STDC__
> | # include <limits.h>
> | #else
> | # include <assert.h>
> | #endif
> |
> | #undef ldap_start_tls_s
> |
> | /* Override any gcc2 internal prototype to avoid an error. */
> | #ifdef __cplusplus
> | extern "C"
> | {
> | #endif
> | /* We use char because int might match the return type of a gcc2
> | builtin and then its argument prototype would still apply. */
> | char ldap_start_tls_s ();
> | /* The GNU C library defines this for functions which it implements
> | to always fail with ENOSYS. Some functions are actually named
> | something starting with __ and the normal name is an alias. */
> | #if defined (__stub_ldap_start_tls_s) || defined
> (__stub___ldap_start_tls_s)
> | choke me
> | #else
> | char (*f) () = ldap_start_tls_s;
> | #endif
> | #ifdef __cplusplus
> | }
> | #endif
> |
> | int
> | main ()
> | {
> | return f != ldap_start_tls_s;
> | ;
> | return 0;
> | }
>
>
>
> ~BAS
>
> On Sat, 3 Sep 2005, Brian A. Seklecki wrote:
>
>>
>> Rasmus / all:
>>
>> I'll revert to that as path of last resort. The FreeBSD port
>> mechanism for installing php extensions is administratively superior
>> to maintaining source installations manually. Apache/PHP/LDAP/SSL/SQL
>> cocktails on anything other than Linux are way too convoluted to not
>> be using Ports, especially with the number of security advisories that
>> come out. Without the XML vulnerability checklist from 'portaudit',
>> you might as well grab your ankles.
>>
>> Anyway, It's not FreeBSD ports. The damn configure script in
>> php{4,5}???/ext/ldap/ per the following:
>>
>> Update: The problem persists elsewhere than FreeBSD 5.3/i386. It's also
>> happening on a NetBSD/i386 host with a -current (cvs -rHEAD)
>> pkgsrc/databases/{,php-ldap-}openldap/
>>
>> Okay, I traced it down:
>>
>> in /usr/ports/net/php5-ldap/work/php-5.0.4/ext/ldap/configure ->
>> conftest -> ldap_start_tls_s();
>> ldap_start_tls_s return false -> ac_cv_func_ldap_start_tls_s=no in
>> config.log
>> config.log -> ldap.h -> #undef HAVE_LDAP_START_TLS_S
>> config.c -> HAVE_LDAP_START_TLS_S -> PHP_FE(ldap_start_tls, NULL)
>>
>> ...therefore ldap_start_tls isn't registered. The question is why the
>> conftest.c in GNU autoconf is failing with:
>>
>> configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
>> /var/tmp//cc63HySI.o(.text+0x12): In function `main':
>> : undefined reference to `ldap_start_tls_s'
>>
>> ...Which is odd since:
>>
>>
>> php4$ grep -ir ldap_start_tls_s lib/*
>> Binary file lib/libldap-2.2.so matches
>> Binary file lib/libldap-2.2.so.7 matches
>> Binary file lib/libldap.a matches
>> Binary file lib/libldap.so matches
>> Binary file lib/libldap_r-2.2.so matches
>> Binary file lib/libldap_r-2.2.so.7 matches
>> Binary file lib/libldap_r.a matches
>> Binary file lib/libldap_r.so matches
>> Binary file lib/pam_ldap.so matches
>>
>> php4$ grep -ir ldap_start_tls_s include/*
>> include/ldap.h:ldap_start_tls_s LDAP_P((
>> include/php/main/php_config.h:/* Define if you have the
>> ldap_start_tls_s function. */
>> include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */
>>
>>
>> $ nm lib/libldap-2.2.so.7|grep -i start_tls
>> 0002b770 T ldap_start_tls_s
>>
>> and...
>>
>> php5$ grep -ir ldap_start_tls_s lib/*
>> Binary file lib/libldap-2.2.so matches
>> Binary file lib/libldap-2.2.so.7 matches
>> Binary file lib/libldap.a matches
>> Binary file lib/libldap.so matches
>> Binary file lib/libldap_r-2.2.so matches
>> Binary file lib/libldap_r-2.2.so.7 matches
>> Binary file lib/libldap_r.a matches
>> Binary file lib/libldap_r.so matches
>>
>> php5$ grep -ir ldap_start_tls_s include/*
>> include/ldap.h:ldap_start_tls_s LDAP_P((
>> include/php/main/php_config.h:/* Define if you have the
>> ldap_start_tls_s function. */
>> include/php/main/php_config.h:/* #undef HAVE_LDAP_START_TLS_S */
>>
>> $ nm lib/libldap-2.2.so.7|grep -i start_tls
>> 0002b770 T ldap_start_tls_s
>>
>> ..from 'make configure' in ports/net/php5-ldap/
>>
>> checking for LDAP support... yes, shared
>> checking for LDAP Cyrus SASL support... no
>> checking for 3 arg ldap_set_rebind_proc... yes
>> checking for ldap_parse_reference... no
>> checking for ldap_start_tls_s... no
>> checking for ldap_bind_s... yes
>>
>>
>> ...from config.log:
>>
>> configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
>> /var/tmp//cc63HySI.o(.text+0x12): In function `main':
>> : undefined reference to `ldap_start_tls_s'
>> configure:5051: $? = 1
>> configure: failed program was:
>> #line 5011 "configure"
>> #include "confdefs.h"
>> /* System header to define __stub macros and hopefully few prototypes,
>> which can conflict with char ldap_start_tls_s (); below. */
>> #include <assert.h>
>> /* Override any gcc2 internal prototype to avoid an error. */
>> #ifdef __cplusplus
>> extern "C"
>> #endif
>> /* We use char because int might match the return type of a gcc2
>> builtin and then its argument prototype would still apply. */
>> char ldap_start_tls_s ();
>> char (*f) ();
>> #ifdef F77_DUMMY_MAIN
>> # ifdef __cplusplus
>> extern "C"
>> # endif
>> int F77_DUMMY_MAIN() { return 1; }
>> #endif
>> int
>> main ()
>> {
>> /* The GNU C library defines this for functions which it implements
>> to always fail with ENOSYS. Some functions are actually named
>> something starting with __ and the normal name is an alias. */
>> #if defined (__stub_ldap_start_tls_s) || defined
>> (__stub___ldap_start_tls_s)
>> choke me
>> #else
>> f = ldap_start_tls_s;
>> #endif
>>
>> ;
>> return 0;
>> }
>> configure:5067: result: no
>> configure:5414: checking for ldap_bind_s
>> configure:5457: cc -o conftest -O -pipe -march=pentium3
>> -R/usr/local/lib -L/usr/local/lib -lldap -R/usr/local/lib -
>> L/usr/local/lib -llber conftest.c >&5
>> configure:5460: $? = 0
>> configure:5463: test -s conftest
>> configure:5466: $? = 0
>> configure:5476: result: yes
>> configure:5583: checking for ld used by GCC
>> configure:5646: result: /usr/bin/ld
>> configure:5655: checking if the linker (/usr/bin/ld) is GNU ld
>> GNU ld version 2.15 [FreeBSD] 2004-05-23
>> configure:5667: result: yes
>> configure:5672: checking for /usr/bin/ld option to reload object files
>> configure:5679: result: -r
>> configure:5684: checking for BSD-compatible nm
>> configure:5720: result: nm
>> configure:5723: checking for a sed that does not truncate output
>> configure:5805: result: /usr/bin/sed
>> configure:5808: checking whether ln -s works
>> configure:5812: result: yes
>> configure:5819: checking how to recognise dependent libraries
>> configure:6001: result: pass_all
>> configure:6013: checking command to parse nm output
>> configure:6097: cc -c -O -pipe -march=pentium3 conftest.c >&5
>> configure:6100: $? = 0
>> configure:6104: nm conftest.o \| sed -n -e 's/^.*[
>> ]\([ABCDGISTW][ABCDGISTW]*\)[ ][ ]*\(\)\([_A-Za-z][_A-
>> Za-z0-9]*\)$/\1 \2\3 \3/p' \> conftest.nm
>> configure:6107: $? = 0
>> configure:6159: cc -o conftest -O -pipe -march=pentium3 conftest.c
>> conftstm.o >&5
>> configure:6162: $? = 0
>> configure:6206: result: ok
>> configure:6215: checking how to run the C preprocessor
>> configure:6241: cc -E conftest.c
>> configure:6247: $? = 0
>> configure:6274: cc -E conftest.c
>> configure:6271:28: ac_nonexistent.h: No such file or directory
>> configure:6280: $? = 1
>> configure: failed program was:
>> #line 6270 "configure"
>> #include "confdefs.h"
>> #include <ac_nonexistent.h>
>> configure:6317: result: cc -E
>> configure:6332: cc -E conftest.c
>> configure:6338: $? = 0
>> configure:6365: cc -E conftest.c
>> configure:6362:28: ac_nonexistent.h: No such file or directory
>> configure:6371: $? = 1
>> configure: failed program was:
>> #line 6361 "configure"
>> #include "confdefs.h"
>> #include <ac_nonexistent.h>
>> configure:6411: checking for ANSI C header files
>> configure:6425: cc -E conftest.c
>> configure:6431: $? = 0
>> configure:6518: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
>> configure:6521: $? = 0
>>
>> ac_cv_func_ldap_start_tls_s=no
>>
>>
>> From php_ldap.h:
>>
>> #if LDAP_API_VERSION > 2000
>> PHP_FUNCTION(ldap_start_tls);
>> #endif
>>
>> From ldap.c:
>>
>> #ifdef HAVE_LDAP_START_TLS_S
>> PHP_FE(ldap_start_tls, NULL)
>> #endif
>>
>>
>>
>> #ifdef HAVE_LDAP_START_TLS_S
>> /* {{{ proto bool ldap_start_tls(resource link)
>> Start TLS */
>> PHP_FUNCTION(ldap_start_tls)
>> {
>>     zval **link;
>>     ldap_linkdata *ld;
>>     int rc, protocol = LDAP_VERSION3;
>>
>>     if (ZEND_NUM_ARGS() != 1 || zend_get_parameters_ex(1, &link) ==
>> FAILURE) {
>>         WRONG_PARAM_COUNT;
>>     }
>>
>>     ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link",
>> le_link);
>>
>>     if (((rc = ldap_set_option(ld->link, LDAP_OPT_PROTOCOL_VERSION,
>> &protocol)) != LDAP_SUCCESS) ||
>>         ((rc = ldap_start_tls_s(ld->link, NULL, NULL)) !=
>> LDAP_SUCCESS)
>>     ) {
>>         php_error_docref(NULL TSRMLS_CC, E_WARNING,"Unable to
>> start TLS: %s", ldap_err2string(rc));
>>         RETURN_FALSE;
>>     } else {
>>         RETURN_TRUE;
>>     }
>> }
>> /* }}} */
>> #endif
>>
>>
>>
>> On Fri, 2 Sep 2005, Rasmus Lerdorf wrote:
>>
>>> Brian A. Seklecki wrote:
>>>
>>>> Firstly, sorry if this is the wrong list. There are thousands of
>>>> forums
>>>> and PHP5 related MLs, but nothing FBSD specific.
>>>>
>>>> Second, I wouldn't post if this wasn't happening on two completely
>>>> different FBSD boxes.
>>>>
>>>> For whatever reason, the php4 and php5 from FreeBSD ports refuses to
>>>> properly configure SSL/TLS support for the LDAP module.
>>>
>>>
>>> Can't you just build from the PHP tarball instead? Seems like a messed
>>> up port to me. I use FreeBSD all day, every day and haven't seen this
>>> problem. But I also don't use the ports.
>>>
>>> -Rasmus
>>>
>>
>> l8*
>> -lava
>>
>> x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
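
The failure traced in this thread, where `checking for ldap_start_tls_s` ends in `no` because the test program was linked with no `-l` option, can be picked out of a config.log mechanically before a build ships without TLS support. The script below is an added example, not code from the thread or from PHP's build system. The names `suspect_func_checks` and `sample_log` are assumptions, and the sample log is constructed from the excerpt above, with made-up `checking for` line numbers and a hypothetical `ldap_hypothetical_fn` probe.

```shell
#!/bin/sh
# Added example: list configure function probes that failed only because the
# test program was linked with no -l option (a false "no", as in the thread).

# Print NAME for every "checking for NAME" probe in config.log ($1) that hit
# an "undefined reference" link error and ended in "result: no" while the
# logged compiler command carried no -l library option.
suspect_func_checks() {
    awk '
        /: checking for [A-Za-z_][A-Za-z0-9_]*$/ {
            name = $NF; cmd = ""; undef = 0; next
        }
        name != "" && /^configure:[0-9]+: .*conftest\.c/ { cmd = $0; next }
        name != "" && /undefined reference to/ { undef = 1; next }
        name != "" && /: result: / {
            if ($NF == "no" && undef && cmd !~ / -l[A-Za-z0-9_]/) print name
            name = ""
        }
    ' "$1"
}

# Constructed sample modelled on the thread's config.log excerpt. The
# "checking for" line numbers and ldap_hypothetical_fn are made up.
sample_log() {
    cat <<'EOF'
configure:5005: checking for ldap_start_tls_s
configure:5048: cc -o conftest -O -pipe -march=pentium3 conftest.c >&5
/var/tmp//cc63HySI.o(.text+0x12): In function `main':
: undefined reference to `ldap_start_tls_s'
configure:5051: $? = 1
configure:5067: result: no
configure:5414: checking for ldap_bind_s
configure:5457: cc -o conftest -O -pipe -L/usr/local/lib -lldap -llber conftest.c >&5
configure:5460: $? = 0
configure:5476: result: yes
configure:5500: checking for ldap_hypothetical_fn
configure:5540: cc -o conftest -O -pipe -L/usr/local/lib -lldap -llber conftest.c >&5
: undefined reference to `ldap_hypothetical_fn'
configure:5543: $? = 1
configure:5550: result: no
EOF
}

log=$(mktemp)
sample_log > "$log"
suspect_func_checks "$log"   # probes worth re-running with the library flags
rm -f "$log"
```

A probe that still fails with `-lldap` on the command line is a genuine negative and is not reported; only the probe linked with no library is.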