[pubcookie-users] Re: Linux infinite redirects
rcgraves at brandeis.edu
Tue Feb 25 14:51:28 PST 2003
On Thu, 20 Feb 2003, Nathan Dors <dors at cac.washington.edu> wrote:
> anyway, but it would be nice to know that the signature
> fails due to bugs in underlying code such as openssl.
> Therefore, keep us posted on your experiments with
> different builds of openssl. That might lead to
> something positive.
I've taken this as an opportunity to expand my areas of expertise, but I've
reached my limit for the moment, sorry...
I got a RedHat 7.3 box built with openssl 0.97, both canonical source and
backported RPM from phoebe beta (deleting troublesome linkage of openssl
with zlib and kerberos, and also backporting openssl096b package from
phoebe to avoid breaking binaries that want libssl.so.2). Apache segfaulted
on loading pubcookie. Tried many other combinations, no particular
In desperation I tried a development box with the phoebe beta, RedHat
8.094. RedHat links openssl itself with kerberos now, so on that box I have
apache 1.3/mod_ssl built with
CFLAGS=`krb5-config --cflags` LIBS=`krb5-config --libs` ./configure
and have configured pubcookie with
CFLAGS=`krb5-config --cflags` LDFLAGS=`krb5-config --libs` \
LIBS=`krb5-config --libs` ./configure
and get a pubcookie.so module that displays the same behavior as the
normal, default RH 7.3 build -- loads ok, but login fails with spurious
"file not found" after fetching the private DES key with a static RH 7.3
build of keyclient.
I have not yet been able to build keyclient on RH 8.094. I am stuck here:
Making pubcookie-3.0.0-pre-beta4 apache module
gcc -g -O2 -I/usr/kerberos/include -DHAVE_CONFIG_H -I./src \
-o keyclient ./src/keyclient.o ./src/libpubcookie.o ./src/base64.o \
./src/strlcpy.o ./src/snprintf.o ./src/pbc_myconfig.o \
./src/security_legacy.o ./src/pbc_logging.o ./src/capture_cmd_output.o \
-L/usr/kerberos/lib -lkrb5 -lk5crypto -lcom_err -lssl -lcrypto \
-ldl -lnsl -lssl -lcrypto -ldl -lnsl
./src/pbc_myconfig.o(.text+0x654): In function `config_read':
src/pbc_myconfig.c:219: undefined reference to `errno'
collect2: ld returned 1 exit status
make: *** [keyclient] Error 1
So, bottom line, I'm too much in the dark to provide a definitive answer on
whether fiddling with redhat's openssl versions would help.
Rich Graves <rcgraves at brandeis.edu>
UNet Systems Administrator
More information about the pubcookie-users