[pubcookie-users] Re: Linux infinite redirects

Rich Graves rcgraves at brandeis.edu
Tue Feb 25 14:51:28 PST 2003 

On Thu, 20 Feb 2003, Nathan Dors <dors at cac.washington.edu> wrote:

> anyway, but it would be nice to know that the signature
> fails due to bugs in underlying code such as openssl.
> 
> Therefore, keep us posted on your experiments with
> different builds of openssl. That might lead to
> something positive.

I've taken this as an opportunity to expand my areas of expertise, but I've 
reached my limit for the moment, sorry...

I got a RedHat 7.3 box built with openssl 0.97, both canonical source and
backported RPM from phoebe beta (deleting troublesome linkage of openssl
with zlib and kerberos, and also backporting openssl096b package from
phoebe to avoid breaking binaries that want libssl.so.2). Apache segfaulted
on loading pubcookie. Tried many other combinations, no particular
progress.

In desperation I tried a development box with the phoebe beta, RedHat
8.094. RedHat links openssl itself with kerberos now, so on that box I have
apache 1.3/mod_ssl built with

CFLAGS=`krb5-config --cflags` LIBS=`krb5-config --libs` ./configure

and have configured pubcookie with

CFLAGS=`krb5-config --cflags` LDFLAGS=`krb5-config --libs` \
 LIBS=`krb5-config --libs` ./configure

and get a pubcookie.so module that displays the same behavior as the 
normal, default RH 7.3 build -- loads ok, but login fails with spurious 
"file not found" after fetching the private DES key with a static RH 7.3 
build of keyclient.

I have not yet been able to build keyclient on RH 8.094. I am stuck here:

Making pubcookie-3.0.0-pre-beta4 apache module
gcc -g -O2 -I/usr/kerberos/include -DHAVE_CONFIG_H -I./src \
  -o keyclient ./src/keyclient.o ./src/libpubcookie.o ./src/base64.o \
  ./src/strlcpy.o ./src/snprintf.o ./src/pbc_myconfig.o \
  ./src/security_legacy.o ./src/pbc_logging.o ./src/capture_cmd_output.o \
  -L/usr/kerberos/lib -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto \
  -ldl -lnsl -lssl -lcrypto -ldl -lnsl
./src/pbc_myconfig.o(.text+0x654): In function `config_read':
src/pbc_myconfig.c:219: undefined reference to `errno'
collect2: ld returned 1 exit status
make: *** [keyclient] Error 1

So, bottom line, I'm too much in the dark to provide a definitive answer on 
whether fiddling with redhat's openssl versions would help.
-- 
Rich Graves <rcgraves at brandeis.edu>
UNet Systems Administrator

More information about the pubcookie-users mailing list