The problem is that RH9 put kerboros headers outside the include path but they compiled openssl with kerboros support. As a result, programs that use openssl don't compile unless /usr/kerberos/include is added to -I. I got around this by compiling without kerkeros support:
-DOPENSSL_NO_KRB5 Cheers, Jeff On Thu, Jan 08, 2004 at 12:19:45PM -0600, Fred Crable wrote: > I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I > was wondering what libs I needed to stop the following link errors? They look like > Kerberos lib functions, but I'm not finding them defined with "nm" in any of the > /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be > missing an RPM or something? I didn't have to include -lkrb5 before, but I was > trying it to resolve some of the symbols. It did resolve some, but not all. > > >From my System: > [EMAIL PROTECTED] root]# uname -r > 2.4.21-4.0.1.EL > [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h > krb5-devel-1.2.7-19 > [EMAIL PROTECTED] lib]# rpm -q openssl > openssl-0.9.7a-22.1 > > Thanks! > > /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kssl.o)(.text+0x1f3): In > function `populate_cksumlens': > : undefined reference to `krb5_checksum_size' > /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function > `krb5_auth_con_initivector': > : undefined reference to `krb5_c_block_size' > /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function > `krb5_decrypt_tkt_part': > : undefined reference to `valid_enctype' > /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function > `krb5_decrypt_tkt_part': > : undefined reference to `krb5_c_decrypt' > /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': > : undefined reference to `krb5_c_random_seed' > /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function > `krb5_set_default_in_tkt_ktypes': > : undefined reference to `valid_enctype' > > Thank You, > Fred Crable > > > -----Original Message----- > > From: Jeff Fulmer [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 08, 2004 9:42 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Kerberos support? > > > > > > On Wed, Jan 07, 2004 at 11:59:13AM -0000, > > [EMAIL PROTECTED] wrote: > > > > > > > > Hi, > > > > > > > > I'm the author of siege, an open source http regression tester. I > > > > recently started to recieve complaints from users on Red Hat 9.0 > > > > systems. Apparently openssl is built with kerberos > > support on red > > > > hat 9.0 and it requires krb5.h which is in /usr/kerberos/include > > > > How can I detect if openssl was built with kerberos support? > > > > > > > > Second Red Hat 9.0 users are experiencing crashes when siege is > > > > using https protocol, ie, openssl libs. Several people have > > > > experienced > > > > this problem but were unable to replicate it on another > > > > system. Is there > > > > a known issue with openssl on Red Hat 9.0? I have not yet > > recieved a > > > > meaningful stacktrace. > > > > > > > > Cheers, > > > > Jeff > > > > > > > > > > Have you checked with Red Hat's bugzilla > > > (https://bugzilla.redhat.com/bugzilla)? "rpm -q openssl" > > should give you > > > "openssl-0.9.7a-20" if you've got the latest version > > installed, which was > > > released last year. > > > > > > The rpmdb-redhat rpm package can show you which package has > > which file: > > > > > > rpm -q --redhatprovides /usr/kerberos/include/krb5.h > > > krb5-devel-1.2.7-10 > > > > Unfortunately I don't have access to a Red Hat system. I use > > SuSE. I've > > been forced to rely on siege users to assist with this issue. > > I checked > > out bugzilla, thanks for the link. Somebody posted a > > complaint that the > > kerboros headers were in /usr/kerboros/include but since > > openssl relies > > on them, people are experiencing compile time errors. Of course, we > > already knew that ;-) > > > > > A bit odd that you'll need a devel package for a running > > system, but it > > > could be a quick solution for you. Otherwise you might wish > > to recompile > > > openssl for your system (which might be a sledgehammer to > > crack a nut). Be > > > careful not to overwrite the existing openssl files though. > > > > I've decided to "fix" the problem like this: > > SSL_CFLAGS="-DOPENSSL_NO_KRB5" > > > > > > > Not important, but I can't get your .sig to compile... > > > > Hardy: $ cat .signature > haha.c && gcc -o haha haha.c && haha > > Just another C hacker > > > > > > -- > > #include <stdio.h> > > int main(){int > > a[]={74,117,115,116,32,97,110,111,116,104,101,114,32,67,\ > > 32,104,97,99,107,101,114,10};int *b=a;for(;*b>0;printf("%c",*(b++)));} > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > -- #include <stdio.h> int main(){int a[]={74,117,115,116,32,97,110,111,116,104,101,114,32, \ 67,32,104,97,99,107,101,114,10,0}; int *b=a;while(*b>0)putchar(*b++);} ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]