Problem building OpenSSL on Mac OS X with Kerberos support
Hello. I'm having the following problem when building OpenSSL with Kerberos support, both 0.9.8l and 1.0.0beta4, on Intel Mac OS 10.5.8. I'm able to build both versions if I use --no-krb5, though. What should I be looking for in order to fix this build problem? Any pointers are greatly appreciated. $ PERL=/usr/bin/perl ./Configure shared darwin-i386-cc zlib-dynamic -- with-krb5-flavor=MIT --with-krb5-dir=/usr (...) make (...) cc -I../crypto -I.. -I../include -I/usr/include -fPIC -fno-common - DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT - DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -arch i386 -O3 -fomit-frame- pointer -DL_ENDIAN -c -o kssl.o kssl.c ar r ../libssl.a s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o d1_both.o d1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o kssl.o ar: creating archive ../libssl.a /usr/bin/ranlib ../libssl.a || echo Never mind. Undefined symbols: _EC_KEY_get0_group, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _pqueue_next, referenced from: _dtls1_read_failed in libssl.a(d1_both.o) _dtls1_read_failed in libssl.a(d1_both.o) _OPENSSL_DIR_read, referenced from: _SSL_add_dir_cert_subjects_to_stack in libssl.a(ssl_cert.o) _X509_VERIFY_PARAM_set_purpose, referenced from: _SSL_CTX_set_purpose in libssl.a(ssl_lib.o) _SSL_set_purpose in libssl.a(ssl_lib.o) _EVP_CIPHER_CTX_key_length, referenced from: _ssl2_mac in libssl.a(s2_enc.o) _pqueue_peek, referenced from: _dtls1_get_record in libssl.a(d1_pkt.o) _dtls1_get_record in libssl.a(d1_pkt.o) _dtls1_get_message_fragment in libssl.a(d1_both.o) _EVP_Cipher, referenced from: _ssl2_enc in libssl.a(s2_enc.o) _ssl3_enc in libssl.a(s3_enc.o) _tls1_enc in libssl.a(t1_enc.o) _dtls1_enc in libssl.a(d1_enc.o) _kssl_check_authent in libssl.a(kssl.o) _krb5_decrypt_tkt_part, referenced from: _kssl_sget_tkt in libssl.a(kssl.o) _EVP_CIPHER_iv_length, referenced from: _client_master_key in libssl.a(s2_clnt.o) _ssl3_change_cipher_state in libssl.a(s3_enc.o) _ssl3_setup_key_block in libssl.a(s3_enc.o) _tls1_change_cipher_state in libssl.a(t1_enc.o) _tls1_setup_key_block in libssl.a(t1_enc.o) _EVP_CIPHER_flags, referenced from: _do_dtls1_write in libssl.a(d1_pkt.o) _EC_KEY_free, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _ssl3_free in libssl.a(s3_lib.o) _ssl3_clear in libssl.a(s3_lib.o) _ssl3_ctrl in libssl.a(s3_lib.o) _ssl3_ctrl in libssl.a(s3_lib.o) _ssl3_ctx_ctrl in libssl.a(s3_lib.o) _ssl3_ctx_ctrl in libssl.a(s3_lib.o) _ssl_cert_dup in libssl.a(ssl_cert.o) _ssl_cert_free in libssl.a(ssl_cert.o) _ssl_sess_cert_free in libssl.a(ssl_cert.o) _BUF_memdup, referenced from: _ssl3_get_cert_status in libssl.a(s3_clnt.o) _EC_KEY_up_ref, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_ctrl in libssl.a(s3_lib.o) _BIO_clear_flags, referenced from: _ssl3_read_bytes in libssl.a(s3_pkt.o) _dtls1_read_bytes in libssl.a(d1_pkt.o) _ssl_read in libssl.a(bio_ssl.o) _ssl_write in libssl.a(bio_ssl.o) _ssl_ctrl in libssl.a(bio_ssl.o) _ssl_ctrl in libssl.a(bio_ssl.o) _X509_STORE_CTX_get0_param, referenced from: _ssl_verify_cert_chain in libssl.a(ssl_cert.o) _pitem_free, referenced from: _dtls1_free in libssl.a(d1_lib.o) _dtls1_free in libssl.a(d1_lib.o) _dtls1_free in libssl.a(d1_lib.o) _dtls1_free in libssl.a(d1_lib.o) _dtls1_buffer_record in libssl.a(d1_pkt.o) _dtls1_buffer_record in libssl.a(d1_pkt.o) _dtls1_retrieve_buffered_record in libssl.a(d1_pkt.o) _dtls1_clear_record_buffer in libssl.a(d1_both.o) _dtls1_get_message_fragment in libssl.a(d1_both.o) _dtls1_get_message in libssl.a(d1_both.o) _BIO_test_flags, referenced from: _SSL_get_error in libssl.a(ssl_lib.o) _SSL_get_error in libssl.a(ssl_lib.o) _SSL_get_error in libssl.a(ssl_lib.o
Re: Problem building OpenSSL on Mac OS X with Kerberos support
./config alone won't enable Kerberos support. Also, it won't create a shared/dynamic library and won't use zlib: $ ./config (...) Configuring for darwin-i386-cc no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-shared [default] no-zlib [default] no-zlib-dynamic [default] And true, that PERL variable there is old cruft. :) On 17/11/2009, Lou Picciano wrote: For what it's worth, just built 1.0.0b4, with no problem, using only ./config - with no options passed. This is on OS X 10.6.2, Intel. We don't have a $PERL in our build environment - and why are you needing to pass all those options re Kerberos? Lou Picciano On 17/11/2009, monipol wrote: Hello. I'm having the following problem when building OpenSSL with Kerberos support, both 0.9.8l and 1.0.0beta4, on Intel Mac OS 10.5.8. I'm able to build both versions if I use --no-krb5, though. What should I be looking for in order to fix this build problem? Any pointers are greatly appreciated. $ PERL=/usr/bin/perl ./Configure shared darwin-i386-cc zlib-dynamic --with-krb5-flavor=MIT --with-krb5-dir=/usr (...) make (...) cc -I../crypto -I.. -I../include -I/usr/include -fPIC -fno-common - DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT - DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -arch i386 -O3 -fomit-frame- pointer -DL_ENDIAN -c -o kssl.o kssl.c ar r ../libssl.a s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o d1_both.o d1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o kssl.o ar: creating archive ../libssl.a /usr/bin/ranlib ../libssl.a || echo Never mind. Undefined symbols: _EC_KEY_get0_group, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _pqueue_next, referenced from: _dtls1_read_failed in libssl.a(d1_both.o) _dtls1_read_failed in libssl.a(d1_both.o) _OPENSSL_DIR_read, referenced from: _SSL_add_dir_cert_subjects_to_stack in libssl.a(ssl_cert.o) _X509_VERIFY_PARAM_set_purpose, referenced from: _SSL_CTX_set_purpose in libssl.a(ssl_lib.o) _SSL_set_purpose in libssl.a(ssl_lib.o) _EVP_CIPHER_CTX_key_length, referenced from: _ssl2_mac in libssl.a(s2_enc.o) _pqueue_peek, referenced from: _dtls1_get_record in libssl.a(d1_pkt.o) _dtls1_get_record in libssl.a(d1_pkt.o) _dtls1_get_message_fragment in libssl.a(d1_both.o) _EVP_Cipher, referenced from: _ssl2_enc in libssl.a(s2_enc.o) _ssl3_enc in libssl.a(s3_enc.o) _tls1_enc in libssl.a(t1_enc.o) _dtls1_enc in libssl.a(d1_enc.o) _kssl_check_authent in libssl.a(kssl.o) _krb5_decrypt_tkt_part, referenced from: _kssl_sget_tkt in libssl.a(kssl.o) _EVP_CIPHER_iv_length, referenced from: _client_master_key in libssl.a(s2_clnt.o) _ssl3_change_cipher_state in libssl.a(s3_enc.o) _ssl3_setup_key_block in libssl.a(s3_enc.o) _tls1_change_cipher_state in libssl.a(t1_enc.o) _tls1_setup_key_block in libssl.a(t1_enc.o) _EVP_CIPHER_flags, referenced from: _do_dtls1_write in libssl.a(d1_pkt.o) _EC_KEY_free, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _ssl3_free in libssl.a(s3_lib.o) _ssl3_clear in libssl.a(s3_lib.o) _ssl3_ctrl in libssl.a(s3_lib.o) _ssl3_ctrl in libssl.a(s3_lib.o) _ssl3_ctx_ctrl in libssl.a(s3_lib.o) _ssl3_ctx_ctrl in libssl.a(s3_lib.o) _ssl_cert_dup in libssl.a(ssl_cert.o) _ssl_cert_free in libssl.a(ssl_cert.o) _ssl_sess_cert_free in libssl.a(ssl_cert.o) _BUF_memdup, referenced from: _ssl3_get_cert_status in libssl.a(s3_clnt.o) _EC_KEY_up_ref, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_ctrl in libssl.a(s3_lib.o) _BIO_clear_flags, referenced from: _ssl3_read_bytes in libssl.a(s3_pkt.o) _dtls1_read_bytes in libssl.a(d1_pkt.o) _ssl_read in libssl.a(bio_ssl.o) _ssl_write in libssl.a(bio_ssl.o) _ssl_ctrl in libssl.a(bio_ssl.o) _ssl_ctrl in libssl.a(bio_ssl.o) _X509_STORE_CTX_get0_param, referenced from: _ssl_verify_cert_chain in libssl.a(ssl_cert.o) _pitem_free, referenced from: _dtls1_free in libssl.a(d1_lib.o) _dtls1_free in libssl.a(d1_lib.o) _dtls1_free
Re: Problem building OpenSSL on Mac OS X with Kerberos support
./config alone won't enable Kerberos support, won't create a shared/ dynamic library, won't use zlib: Configuring for darwin-i386-cc no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5 no-shared [default] no-zlib [default] no-zlib-dynamic [default] And true, that PERL variable there is old cruft. :) On 17/11/2009, Lou Picciano wrote: For what it's worth, just built 1.0.0b4, with no problem, using only ./config - with no options passed. This is on OS X 10.6.2, Intel. We don't have a $PERL in our build environment - and why are you needing to pass all those options re Kerberos? Lou Picciano On 17/11/2009, monipol wrote: Hello. I'm having the following problem when building OpenSSL with Kerberos support, both 0.9.8l and 1.0.0beta4, on Intel Mac OS 10.5.8. I'm able to build both versions if I use --no-krb5, though. What should I be looking for in order to fix this build problem? Any pointers are greatly appreciated. $ PERL=/usr/bin/perl ./Configure shared darwin-i386-cc zlib-dynamic --with-krb5-flavor=MIT --with-krb5-dir=/usr (...) make (...) cc -I../crypto -I.. -I../include -I/usr/include -fPIC -fno-common - DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS -D_REENTRANT - DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -arch i386 -O3 -fomit-frame- pointer -DL_ENDIAN -c -o kssl.o kssl.c ar r ../libssl.a s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o d1_both.o d1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o ssl_err.o kssl.o ar: creating archive ../libssl.a /usr/bin/ranlib ../libssl.a || echo Never mind. Undefined symbols: _EC_KEY_get0_group, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _pqueue_next, referenced from: _dtls1_read_failed in libssl.a(d1_both.o) _dtls1_read_failed in libssl.a(d1_both.o) _OPENSSL_DIR_read, referenced from: _SSL_add_dir_cert_subjects_to_stack in libssl.a(ssl_cert.o) _X509_VERIFY_PARAM_set_purpose, referenced from: _SSL_CTX_set_purpose in libssl.a(ssl_lib.o) _SSL_set_purpose in libssl.a(ssl_lib.o) _EVP_CIPHER_CTX_key_length, referenced from: _ssl2_mac in libssl.a(s2_enc.o) _pqueue_peek, referenced from: _dtls1_get_record in libssl.a(d1_pkt.o) _dtls1_get_record in libssl.a(d1_pkt.o) _dtls1_get_message_fragment in libssl.a(d1_both.o) _EVP_Cipher, referenced from: _ssl2_enc in libssl.a(s2_enc.o) _ssl3_enc in libssl.a(s3_enc.o) _tls1_enc in libssl.a(t1_enc.o) _dtls1_enc in libssl.a(d1_enc.o) _kssl_check_authent in libssl.a(kssl.o) _krb5_decrypt_tkt_part, referenced from: _kssl_sget_tkt in libssl.a(kssl.o) _EVP_CIPHER_iv_length, referenced from: _client_master_key in libssl.a(s2_clnt.o) _ssl3_change_cipher_state in libssl.a(s3_enc.o) _ssl3_setup_key_block in libssl.a(s3_enc.o) _tls1_change_cipher_state in libssl.a(t1_enc.o) _tls1_setup_key_block in libssl.a(t1_enc.o) _EVP_CIPHER_flags, referenced from: _do_dtls1_write in libssl.a(d1_pkt.o) _EC_KEY_free, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_client_key_exchange in libssl.a(s3_srvr.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_get_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _ssl3_send_client_key_exchange in libssl.a(s3_clnt.o) _ssl3_free in libssl.a(s3_lib.o) _ssl3_clear in libssl.a(s3_lib.o) _ssl3_ctrl in libssl.a(s3_lib.o) _ssl3_ctrl in libssl.a(s3_lib.o) _ssl3_ctx_ctrl in libssl.a(s3_lib.o) _ssl3_ctx_ctrl in libssl.a(s3_lib.o) _ssl_cert_dup in libssl.a(ssl_cert.o) _ssl_cert_free in libssl.a(ssl_cert.o) _ssl_sess_cert_free in libssl.a(ssl_cert.o) _BUF_memdup, referenced from: _ssl3_get_cert_status in libssl.a(s3_clnt.o) _EC_KEY_up_ref, referenced from: _ssl3_send_server_key_exchange in libssl.a(s3_srvr.o) _ssl3_ctrl in libssl.a(s3_lib.o) _BIO_clear_flags, referenced from: _ssl3_read_bytes in libssl.a(s3_pkt.o) _dtls1_read_bytes in libssl.a(d1_pkt.o) _ssl_read in libssl.a(bio_ssl.o) _ssl_write in libssl.a(bio_ssl.o) _ssl_ctrl in libssl.a(bio_ssl.o) _ssl_ctrl in libssl.a(bio_ssl.o) _X509_STORE_CTX_get0_param, referenced from: _ssl_verify_cert_chain in libssl.a(ssl_cert.o) _pitem_free, referenced from: _dtls1_free in libssl.a(d1_lib.o
Kerberos support
Hello All,Does OpenSsl has support for Kerberos Ciphers? Is ther any documentation or example how to use the Kerberos ciphers ?Thank you for your help.Regards, Prashant. Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze.
RE: Kerberos support?
I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I was wondering what libs I needed to stop the following link errors? They look like Kerberos lib functions, but I'm not finding them defined with nm in any of the /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be missing an RPM or something? I didn't have to include -lkrb5 before, but I was trying it to resolve some of the symbols. It did resolve some, but not all. From my System: [EMAIL PROTECTED] root]# uname -r 2.4.21-4.0.1.EL [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-19 [EMAIL PROTECTED] lib]# rpm -q openssl openssl-0.9.7a-22.1 Thanks! /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kssl.o)(.text+0x1f3): In function `populate_cksumlens': : undefined reference to `krb5_checksum_size' /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function `krb5_auth_con_initivector': : undefined reference to `krb5_c_block_size' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function `krb5_decrypt_tkt_part': : undefined reference to `valid_enctype' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function `krb5_decrypt_tkt_part': : undefined reference to `krb5_c_decrypt' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': : undefined reference to `krb5_c_random_seed' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function `krb5_set_default_in_tkt_ktypes': : undefined reference to `valid_enctype' Thank You, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? On Wed, Jan 07, 2004 at 11:59:13AM -, [EMAIL PROTECTED] wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff Have you checked with Red Hat's bugzilla (https://bugzilla.redhat.com/bugzilla)? rpm -q openssl should give you openssl-0.9.7a-20 if you've got the latest version installed, which was released last year. The rpmdb-redhat rpm package can show you which package has which file: rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-10 Unfortunately I don't have access to a Red Hat system. I use SuSE. I've been forced to rely on siege users to assist with this issue. I checked out bugzilla, thanks for the link. Somebody posted a complaint that the kerboros headers were in /usr/kerboros/include but since openssl relies on them, people are experiencing compile time errors. Of course, we already knew that ;-) A bit odd that you'll need a devel package for a running system, but it could be a quick solution for you. Otherwise you might wish to recompile openssl for your system (which might be a sledgehammer to crack a nut). Be careful not to overwrite the existing openssl files though. I've decided to fix the problem like this: SSL_CFLAGS=-DOPENSSL_NO_KRB5 Not important, but I can't get your .sig to compile... Hardy: $ cat .signature haha.c gcc -o haha haha.c haha Just another C hacker -- #include stdio.h int main(){int a[]={74,117,115,116,32,97,110,111,116,104,101,114,32,67,\ 32,104,97,99,107,101,114,10};int *b=a;for(;*b0;printf(%c,*(b++)));} __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Kerberos support?
The problem is that RH9 put kerboros headers outside the include path but they compiled openssl with kerboros support. As a result, programs that use openssl don't compile unless /usr/kerberos/include is added to -I. I got around this by compiling without kerkeros support: -DOPENSSL_NO_KRB5 Cheers, Jeff On Thu, Jan 08, 2004 at 12:19:45PM -0600, Fred Crable wrote: I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I was wondering what libs I needed to stop the following link errors? They look like Kerberos lib functions, but I'm not finding them defined with nm in any of the /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be missing an RPM or something? I didn't have to include -lkrb5 before, but I was trying it to resolve some of the symbols. It did resolve some, but not all. From my System: [EMAIL PROTECTED] root]# uname -r 2.4.21-4.0.1.EL [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-19 [EMAIL PROTECTED] lib]# rpm -q openssl openssl-0.9.7a-22.1 Thanks! /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kssl.o)(.text+0x1f3): In function `populate_cksumlens': : undefined reference to `krb5_checksum_size' /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function `krb5_auth_con_initivector': : undefined reference to `krb5_c_block_size' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function `krb5_decrypt_tkt_part': : undefined reference to `valid_enctype' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function `krb5_decrypt_tkt_part': : undefined reference to `krb5_c_decrypt' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': : undefined reference to `krb5_c_random_seed' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function `krb5_set_default_in_tkt_ktypes': : undefined reference to `valid_enctype' Thank You, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? On Wed, Jan 07, 2004 at 11:59:13AM -, [EMAIL PROTECTED] wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff Have you checked with Red Hat's bugzilla (https://bugzilla.redhat.com/bugzilla)? rpm -q openssl should give you openssl-0.9.7a-20 if you've got the latest version installed, which was released last year. The rpmdb-redhat rpm package can show you which package has which file: rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-10 Unfortunately I don't have access to a Red Hat system. I use SuSE. I've been forced to rely on siege users to assist with this issue. I checked out bugzilla, thanks for the link. Somebody posted a complaint that the kerboros headers were in /usr/kerboros/include but since openssl relies on them, people are experiencing compile time errors. Of course, we already knew that ;-) A bit odd that you'll need a devel package for a running system, but it could be a quick solution for you. Otherwise you might wish to recompile openssl for your system (which might be a sledgehammer to crack a nut). Be careful not to overwrite the existing openssl files though. I've decided to fix the problem like this: SSL_CFLAGS=-DOPENSSL_NO_KRB5 Not important, but I can't get your .sig to compile... Hardy: $ cat .signature haha.c gcc -o haha haha.c haha Just another C hacker -- #include stdio.h int main(){int a[]={74,117,115,116,32,97,110,111,116,104,101,114,32,67,\ 32,104,97,99,107,101,114,10};int *b=a;for(;*b0;printf(%c,*(b++)));} __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED
RE: Kerberos support?
Actually I've got it down to one final symbol using -lkrb5 -lk5crypto and -lkdb5. /usr/kerberos/lib/libkrb5.a(kdb5_err.o)(.text+0x1b): In function `initialize_kdb5_error_table': : undefined reference to `_et_list' -Original Message- From: Fred Crable Sent: Thursday, January 08, 2004 12:20 PM To: [EMAIL PROTECTED] Subject: RE: Kerberos support?_et_list I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I was wondering what libs I needed to stop the following link errors? They look like Kerberos lib functions, but I'm not finding them defined with nm in any of the /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be missing an RPM or something? I didn't have to include -lkrb5 before, but I was trying it to resolve some of the symbols. It did resolve some, but not all. From my System: [EMAIL PROTECTED] root]# uname -r 2.4.21-4.0.1.EL [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-19 [EMAIL PROTECTED] lib]# rpm -q openssl openssl-0.9.7a-22.1 Thanks! /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kss l.o)(.text+0x1f3): In function `populate_cksumlens': : undefined reference to `krb5_checksum_size' /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function `krb5_auth_con_initivector': : undefined reference to `krb5_c_block_size' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function `krb5_decrypt_tkt_part': : undefined reference to `valid_enctype' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function `krb5_decrypt_tkt_part': : undefined reference to `krb5_c_decrypt' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': : undefined reference to `krb5_c_random_seed' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function `krb5_set_default_in_tkt_ktypes': : undefined reference to `valid_enctype' Thank You, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? On Wed, Jan 07, 2004 at 11:59:13AM -, [EMAIL PROTECTED] wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff Have you checked with Red Hat's bugzilla (https://bugzilla.redhat.com/bugzilla)? rpm -q openssl should give you openssl-0.9.7a-20 if you've got the latest version installed, which was released last year. The rpmdb-redhat rpm package can show you which package has which file: rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-10 Unfortunately I don't have access to a Red Hat system. I use SuSE. I've been forced to rely on siege users to assist with this issue. I checked out bugzilla, thanks for the link. Somebody posted a complaint that the kerboros headers were in /usr/kerboros/include but since openssl relies on them, people are experiencing compile time errors. Of course, we already knew that ;-) A bit odd that you'll need a devel package for a running system, but it could be a quick solution for you. Otherwise you might wish to recompile openssl for your system (which might be a sledgehammer to crack a nut). Be careful not to overwrite the existing openssl files though. I've decided to fix the problem like this: SSL_CFLAGS=-DOPENSSL_NO_KRB5 Not important, but I can't get your .sig to compile... Hardy: $ cat .signature haha.c gcc -o haha haha.c haha Just another C hacker -- #include stdio.h int main(){int a[]={74,117,115,116,32,97,110,111,116,104,101,114,32,67,\ 32,104,97,99,107,101,114,10};int *b=a;for(;*b0;printf(%c,*(b++)));} __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List
RE: Kerberos support?
So your saying I need to recompile the SSL lib with the -D flag or define the include directory /usr/include/kerberos to work? Or can I just compile my SSL program w/-DOPENSSL_NO_KRB5 ? Thanks Again Jeff, Fred -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 12:36 PM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? The problem is that RH9 put kerboros headers outside the include path but they compiled openssl with kerboros support. As a result, programs that use openssl don't compile unless /usr/kerberos/include is added to -I. I got around this by compiling without kerkeros support: -DOPENSSL_NO_KRB5 Cheers, Jeff On Thu, Jan 08, 2004 at 12:19:45PM -0600, Fred Crable wrote: I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I was wondering what libs I needed to stop the following link errors? They look like Kerberos lib functions, but I'm not finding them defined with nm in any of the /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be missing an RPM or something? I didn't have to include -lkrb5 before, but I was trying it to resolve some of the symbols. It did resolve some, but not all. From my System: [EMAIL PROTECTED] root]# uname -r 2.4.21-4.0.1.EL [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-19 [EMAIL PROTECTED] lib]# rpm -q openssl openssl-0.9.7a-22.1 Thanks! /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kss l.o)(.text+0x1f3): In function `populate_cksumlens': : undefined reference to `krb5_checksum_size' /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function `krb5_auth_con_initivector': : undefined reference to `krb5_c_block_size' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function `krb5_decrypt_tkt_part': : undefined reference to `valid_enctype' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function `krb5_decrypt_tkt_part': : undefined reference to `krb5_c_decrypt' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': : undefined reference to `krb5_c_random_seed' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function `krb5_set_default_in_tkt_ktypes': : undefined reference to `valid_enctype' Thank You, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? On Wed, Jan 07, 2004 at 11:59:13AM -, [EMAIL PROTECTED] wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff Have you checked with Red Hat's bugzilla (https://bugzilla.redhat.com/bugzilla)? rpm -q openssl should give you openssl-0.9.7a-20 if you've got the latest version installed, which was released last year. The rpmdb-redhat rpm package can show you which package has which file: rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-10 Unfortunately I don't have access to a Red Hat system. I use SuSE. I've been forced to rely on siege users to assist with this issue. I checked out bugzilla, thanks for the link. Somebody posted a complaint that the kerboros headers were in /usr/kerboros/include but since openssl relies on them, people are experiencing compile time errors. Of course, we already knew that ;-) A bit odd that you'll need a devel package for a running system, but it could be a quick solution for you. Otherwise you might wish to recompile openssl for your system (which might be a sledgehammer to crack a nut). Be careful not to overwrite the existing openssl files though. I've decided to fix the problem like this: SSL_CFLAGS=-DOPENSSL_NO_KRB5 Not important, but I can't get your .sig to compile... Hardy: $ cat .signature haha.c gcc -o haha haha.c haha Just another C hacker -- #include stdio.h int main(){int a[]={74,117,115,116,32,97,110,111,116,104,101,114,32,67
Re: Kerberos support?
You should be able to compile the program with -DOPENSSL_NO_KRB5 On Thu, Jan 08, 2004 at 12:51:44PM -0600, Fred Crable wrote: So your saying I need to recompile the SSL lib with the -D flag or define the include directory /usr/include/kerberos to work? Or can I just compile my SSL program w/-DOPENSSL_NO_KRB5 ? Thanks Again Jeff, Fred -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 12:36 PM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? The problem is that RH9 put kerboros headers outside the include path but they compiled openssl with kerboros support. As a result, programs that use openssl don't compile unless /usr/kerberos/include is added to -I. I got around this by compiling without kerkeros support: -DOPENSSL_NO_KRB5 Cheers, Jeff On Thu, Jan 08, 2004 at 12:19:45PM -0600, Fred Crable wrote: I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I was wondering what libs I needed to stop the following link errors? They look like Kerberos lib functions, but I'm not finding them defined with nm in any of the /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be missing an RPM or something? I didn't have to include -lkrb5 before, but I was trying it to resolve some of the symbols. It did resolve some, but not all. From my System: [EMAIL PROTECTED] root]# uname -r 2.4.21-4.0.1.EL [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-19 [EMAIL PROTECTED] lib]# rpm -q openssl openssl-0.9.7a-22.1 Thanks! /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kss l.o)(.text+0x1f3): In function `populate_cksumlens': : undefined reference to `krb5_checksum_size' /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function `krb5_auth_con_initivector': : undefined reference to `krb5_c_block_size' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function `krb5_decrypt_tkt_part': : undefined reference to `valid_enctype' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function `krb5_decrypt_tkt_part': : undefined reference to `krb5_c_decrypt' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': : undefined reference to `krb5_c_random_seed' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function `krb5_set_default_in_tkt_ktypes': : undefined reference to `valid_enctype' Thank You, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? On Wed, Jan 07, 2004 at 11:59:13AM -, [EMAIL PROTECTED] wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff Have you checked with Red Hat's bugzilla (https://bugzilla.redhat.com/bugzilla)? rpm -q openssl should give you openssl-0.9.7a-20 if you've got the latest version installed, which was released last year. The rpmdb-redhat rpm package can show you which package has which file: rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-10 Unfortunately I don't have access to a Red Hat system. I use SuSE. I've been forced to rely on siege users to assist with this issue. I checked out bugzilla, thanks for the link. Somebody posted a complaint that the kerboros headers were in /usr/kerboros/include but since openssl relies on them, people are experiencing compile time errors. Of course, we already knew that ;-) A bit odd that you'll need a devel package for a running system, but it could be a quick solution for you. Otherwise you might wish to recompile openssl for your system (which might be a sledgehammer to crack a nut). Be careful not to overwrite the existing openssl files though. I've decided to fix the problem like this: SSL_CFLAGS=-DOPENSSL_NO_KRB5 Not important
RE: Kerberos support?
I tried that one, but I was linking everything with -static. I guess there are some shared object libs that will provide the Kerberos support because I removed my -static and used the OPENSSL_NO_KRB5 and it compiled OK. We'll see if it runs :) I did bring over the RTFM example C code just for kicks and it compiled w/o any complaints and w/o defining the NO_KRB5!? Perhaps I'll recompile openssl on the target RedHat Enterprise 2.4. Thanks again for the help. Regards, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? You should be able to compile the program with -DOPENSSL_NO_KRB5 On Thu, Jan 08, 2004 at 12:51:44PM -0600, Fred Crable wrote: So your saying I need to recompile the SSL lib with the -D flag or define the include directory /usr/include/kerberos to work? Or can I just compile my SSL program w/-DOPENSSL_NO_KRB5 ? Thanks Again Jeff, Fred -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 12:36 PM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? The problem is that RH9 put kerboros headers outside the include path but they compiled openssl with kerboros support. As a result, programs that use openssl don't compile unless /usr/kerberos/include is added to -I. I got around this by compiling without kerkeros support: -DOPENSSL_NO_KRB5 Cheers, Jeff On Thu, Jan 08, 2004 at 12:19:45PM -0600, Fred Crable wrote: I may be a little off-topic, but I'm porting my code to Red-Hat Enterprise 2.4 and I was wondering what libs I needed to stop the following link errors? They look like Kerberos lib functions, but I'm not finding them defined with nm in any of the /usr/kerberos/lib files. BTW -- This compiled great on 7.3, it looks like I may be missing an RPM or something? I didn't have to include -lkrb5 before, but I was trying it to resolve some of the symbols. It did resolve some, but not all. From my System: [EMAIL PROTECTED] root]# uname -r 2.4.21-4.0.1.EL [EMAIL PROTECTED] lib]# rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-19 [EMAIL PROTECTED] lib]# rpm -q openssl openssl-0.9.7a-22.1 Thanks! /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/../../../libssl.a(kss l.o)(.text+0x1f3): In function `populate_cksumlens': : undefined reference to `krb5_checksum_size' /usr/kerberos/lib/libkrb5.a(auth_con.o)(.text+0x6a5): In function `krb5_auth_con_initivector': : undefined reference to `krb5_c_block_size' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x24): In function `krb5_decrypt_tkt_part': : undefined reference to `valid_enctype' /usr/kerberos/lib/libkrb5.a(decrypt_tk.o)(.text+0x89): In function `krb5_decrypt_tkt_part': : undefined reference to `krb5_c_decrypt' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x139): In function `init_common': : undefined reference to `krb5_c_random_seed' /usr/kerberos/lib/libkrb5.a(init_ctx.o)(.text+0x3d4): In function `krb5_set_default_in_tkt_ktypes': : undefined reference to `valid_enctype' Thank You, Fred Crable -Original Message- From: Jeff Fulmer [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: Re: Kerberos support? On Wed, Jan 07, 2004 at 11:59:13AM -, [EMAIL PROTECTED] wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff Have you checked with Red Hat's bugzilla (https://bugzilla.redhat.com/bugzilla)? rpm -q openssl should give you openssl-0.9.7a-20 if you've got the latest version installed, which was released last year. The rpmdb-redhat rpm package can show you which package has which file: rpm -q --redhatprovides /usr/kerberos/include/krb5.h krb5-devel-1.2.7-10 Unfortunately I don't have access to a Red Hat system. I use
Re: Kerberos support?
In message [EMAIL PROTECTED] on Tue, 6 Jan 2004 13:26:09 -0500, Jeff Fulmer [EMAIL PROTECTED] said: jeff I'm the author of siege, an open source http regression tester. I jeff recently started to recieve complaints from users on Red Hat 9.0 jeff systems. Apparently openssl is built with kerberos support on red jeff hat 9.0 and it requires krb5.h which is in /usr/kerberos/include jeff How can I detect if openssl was built with kerberos support? Include openssl/opensslconf.h and check if OPENSSL_NO_KRB5 is defined. If it isn't, OpenSSL is compiled with Kerberos support. This is, at least, if the Red Hat build is done the way I expect it to be. - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. You don't have to be rich, a $10 donation is appreciated! -- Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47 \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Kerberos support?
- Original Message - From: Richard Levitte - VMS Whacker [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 1:05 PM Subject: Re: Kerberos support? Include openssl/opensslconf.h and check if OPENSSL_NO_KRB5 is defined. If it isn't, OpenSSL is compiled with Kerberos support. This is, at least, if the Red Hat build is done the way I expect it to be. Well actuall it probably isn't, on a default redhat install, it's impossible to compile using openssl-dev. You have to modify opensslconf.h and define OPENSSL_NO_KRB5 in it. I'm guessing their SPECS file is missing a require dependency to krb5-devel. This problem has been there ever since they first packaged 0.9.7. Frédéric Giudicelli http://www.newpki.org __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Kerberos support?
Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. Cheers, Jeff -- #include stdio.h int main(){int a[]={74,117,115,116,32,97,110,111,116,104,101,114,32,67,\ 32,104,97,99,107,101,114,10};int *b=a;for(;*b0;printf(%c,*(b++)));} __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Kerberos support?
Jeff Fulmer wrote: Hi, I'm the author of siege, an open source http regression tester. I recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include How can I detect if openssl was built with kerberos support? I don't know how to detect if openssl was built with kerberos support, but I had to define OPENSSL_NO_KRB5 (-DOPENSSL_NO_KRB5) to build my own openssl using app on RedHat 9. I thought it was the other way around - that there were unresolved kerberos related symbols - but I may be mistaken. Since I don't use Kerberos and don't really care if support is there or not, that compile define seems to work fine. It works fine on RedHat 7.X, 8 and 9, though I'm not sure it does anything at all on the most up to date errata versions distributed with 7 or 8. Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced this problem but were unable to replicate it on another system. Is there a known issue with openssl on Red Hat 9.0? I have not yet recieved a meaningful stacktrace. I had problems on RedHat 9 sharing a SSL_CTX between threads. I was establishing multiple simultaneous/overlapping connections to a closed source product on a remote machine - which was also RedHat 9. It turns out the remote machine was also having problems when my client was sharing contexts and I was never really able to track down what was going on - however creating a new context for each connection worked flawlessly, so that's what it's doing at the moment. Some time later the company that made the product instructed us to add LD_ASSUME_KERNEL=2.4.1 to the environment prior to startup as it apparently forces use of the old threading model. I can't really say wether this resolved the original problems or not since it was done after we had moved to production and we're not going to rollback the functional workaround to find out :) That's probably worth trying though, and I'd be interested in hearing if it helps or not. Andrew Cheers, Jeff __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]