[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal and OpenSSL
Ok, I've read the thread again. You have written: "Once this is done, then
Heimdal can be built against OpenSSL 0.9.6 or later".
Now let's see:
1. Download & install OpenSSL 0.9.6 - I think no questions here.
2. gzip -dc ~/heimdal-0.3d.tar.gz | tar xf -
3. cd heimdal-0.3d
4. [apply the patch sent to the list before to fix the "-rpath -L no" bug]
5. [apply your patch]
6. [run your perl script]
7. CC=xlc CPPFLAGS='-I/pkg/include/openssl -I/pkg/include/db2 -I/pkg/include' LDFLAGS=-L/pkg/lib ./configure
xlc -g -o verify_krb5_conf verify_krb5_conf.o -L/pkg/lib ./.libs/libkrb5.a /pkg/maint/build/tmp/tmp2/heimdal-0.3d/lib/asn1/.libs/libasn1.a /pkg/maint/build/tmp/tmp2/heimdal-0.3d/lib/roken/.libs/libroken.a -lcrypto ../../lib/asn1/.libs/libasn1.a ../../lib/vers/.libs/libvers.a ../../lib/roken/.libs/libroken.a -ldb
ld: 0711-317 ERROR: Undefined symbol: .des_new_random_key
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.
You have written "The changes work on all platforms.". The above error
message is on AIX. Shall I repeat the process on Solaris or on Linux to make
you beleive? (If you really want, I have an account on a DG-UX machine so I
can also try it there...)
I understand that *BSD ships a modified libcrypto library so your changes
might be fine for *BSD. But do not claim that it is for supporting
OpenSSL in general.
I have a _working_ Heimdal linked with OpenSSL's libcrypto on 3 different
> > Your proposed changes. If there is no /dev/urandom, the RNG will not be
> > seeded.
> That's not true. The changes I posted do not change how anything is
Yes, they do. If you are using OpenSSL, you have to use its random number
generator instead of Heimdal's (the later is simply not built and is broken
anyway; have you tried using Pine4.31 with IMAP-GSS?). And the RNG must be
seeded somehow. If you have /dev/urandom, OpenSSL will do this
automatically on a call to des_random_key(), otherwise you have to do it
Gabor Gombas Eotvos Lorand University
E-mail: firstname.lastname@example.org Hungary