Re: Net::SSLeay will not compile on RH9.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Apr 13, 2003 at 08:10:42PM +0000, dA K6 wrote:
> I'm having trouble compiling the Perl module Net::SSLeay on my RH9
> computer.
> 
> According to the author's site, he claims that RH9 is broken.
> 
> Installing Perl & OpenSSL from tar.gz files is what he recommends, in
> order to fix this problem with compiling Net::SSLeay.
> 
> Is there another solution, a patch from RH for RH9 perhaps? :)
> 
> Feedback regarding this issue will be appreciated.

If you compile OpenSSL 0.9.7 and later with support for Kerberos cipher
suites (like we did in RHL 9), then applications which need to link with
or otherwise use the OpenSSL libraries need to take into account that
you need to add the Kerberos headers and libraries to the build.

Here's what I can't stress enough: this is not broken.

If you used the 0.9.6 ENGINE variant, then you needed to link with
libdl.  If you enable zlib compression when building OpenSSL, you need
to link with libz.  Most people didn't notice because you can link
shared libraries against other shared libraries, so linking an
application against a shared libssl also pulled libdl and libz in.  If
OpenSSL grew a dependency on X11R6 tomorrow (unlikely though I believe
it to be), you'd be in the same situation.

What trips you up is that headers which are needed now aren't in
/usr/include, where the compiler will just find them by default, and
additional libraries aren't in /usr/lib, where the compiler "knows" to
look for them.

In Red Hat Linux, the Kerberos headers which are now needed in order to
compile with OpenSSL are in /usr/kerberos/include, and the additional
libraries are in /usr/kerberos/lib.

If you're a developer, you have a few options.

You can try to determine if OpenSSL is using Kerberos and handle it (by
checking if openssl/opensslconf.h declares OPENSSL_NO_KRB5, and if it
isn't declared, and you're building with 0.9.7 or later, deducing that
you need Kerberos and proceeding from there).

You can just link with Kerberos whether you need it or not.

You can tell users to set "CPPFLAGS=`pkg-config --cflags-only-I
openssl`" and "LDFLAGS=`pkg-config --libs-only-L openssl`" before
running your configure script, or tell them to manually edit your build
setup to make equivalent changes if you're not using autoconf.  (If
you're an end-user, this is probably your best short-term strategy.)

Or you can use the pkgconfig[1] data file which is included with 0.9.7
to future-proof your build setup and avoid having to deal with this sort
of thing again later on.  If you're using autoconf, that means replacing
your existing tests with
    if pkg-config --exists openssl ; then
        PKG_CHECK_MODULES(SSL,openssl)
    else
        <old test code>
    fi
PKG_CHECK_MODULES is a handy macro that sets SSL_CFLAGS and SSL_LIBS to
the right values so that you can include them in a Makefile.  If you're
not using autoconf, you can use pkg-config with its various options to
slice and dice compiler and linker flags just about any way you can
think of, and use that information in your build setup.

Contrary to popular conspiracy theories, none of this is specific to Red
Hat Linux the distribution or Linux the OS.  It's just what you have to
deal with if you build OpenSSL with certain features enabled (in this
case, Kerberos cipher suites in TLS, a la RFC2712).

Please forgive me if this sounds combative, it's not intended to be.
I've just been answering this same question more often than I'd like
lately.

Cheers,

Nalin

[1] http://www.freedesktop.org/software/pkgconfig/



_______________________________________________
Redhat-devel-list mailing list
Redhat-devel-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/redhat-devel-list

[Index of Archives]     [Kernel Newbies]     [Red Hat General]     [Fedora]     [Red Hat Install]     [Linux Kernel Development]     [Yosemite News]

  Powered by Linux