On Sun, Apr 13, 2003 at 08:10:42PM +0000, dA K6 wrote: > I'm having trouble compiling the Perl module Net::SSLeay on my RH9 > computer. > > According to the author's site, he claims that RH9 is broken. > > Installing Perl & OpenSSL from tar.gz files is what he recommends, in > order to fix this problem with compiling Net::SSLeay. > > Is there another solution, a patch from RH for RH9 perhaps? :) > > Feedback regarding this issue will be appreciated. If you compile OpenSSL 0.9.7 and later with support for Kerberos cipher suites (like we did in RHL 9), then applications which need to link with or otherwise use the OpenSSL libraries need to take into account that you need to add the Kerberos headers and libraries to the build. Here's what I can't stress enough: this is not broken. If you used the 0.9.6 ENGINE variant, then you needed to link with libdl. If you enable zlib compression when building OpenSSL, you need to link with libz. Most people didn't notice because you can link shared libraries against other shared libraries, so linking an application against a shared libssl also pulled libdl and libz in. If OpenSSL grew a dependency on X11R6 tomorrow (unlikely though I believe it to be), you'd be in the same situation. What trips you up is that headers which are needed now aren't in /usr/include, where the compiler will just find them by default, and additional libraries aren't in /usr/lib, where the compiler "knows" to look for them. In Red Hat Linux, the Kerberos headers which are now needed in order to compile with OpenSSL are in /usr/kerberos/include, and the additional libraries are in /usr/kerberos/lib. If you're a developer, you have a few options. You can try to determine if OpenSSL is using Kerberos and handle it (by checking if openssl/opensslconf.h declares OPENSSL_NO_KRB5, and if it isn't declared, and you're building with 0.9.7 or later, deducing that you need Kerberos and proceeding from there). You can just link with Kerberos whether you need it or not. You can tell users to set "CPPFLAGS=`pkg-config --cflags-only-I openssl`" and "LDFLAGS=`pkg-config --libs-only-L openssl`" before running your configure script, or tell them to manually edit your build setup to make equivalent changes if you're not using autoconf. (If you're an end-user, this is probably your best short-term strategy.) Or you can use the pkgconfig[1] data file which is included with 0.9.7 to future-proof your build setup and avoid having to deal with this sort of thing again later on. If you're using autoconf, that means replacing your existing tests with if pkg-config --exists openssl ; then PKG_CHECK_MODULES(SSL,openssl) else <old test code> fi PKG_CHECK_MODULES is a handy macro that sets SSL_CFLAGS and SSL_LIBS to the right values so that you can include them in a Makefile. If you're not using autoconf, you can use pkg-config with its various options to slice and dice compiler and linker flags just about any way you can think of, and use that information in your build setup. Contrary to popular conspiracy theories, none of this is specific to Red Hat Linux the distribution or Linux the OS. It's just what you have to deal with if you build OpenSSL with certain features enabled (in this case, Kerberos cipher suites in TLS, a la RFC2712). Please forgive me if this sounds combative, it's not intended to be. I've just been answering this same question more often than I'd like lately. Cheers, Nalin [1] http://www.freedesktop.org/software/pkgconfig/ _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/redhat-devel-list