
Re: heimdal and OpenSSL



Hello,

Ok, I've read the thread again. You have written: "Once this is done, then
Heimdal can be built against OpenSSL 0.9.6 or later".

Now let's see:

1. Download & install OpenSSL 0.9.6 - I think no questions here.
2. gzip -dc ~/heimdal-0.3d.tar.gz | tar xf -
3. cd heimdal-0.3d
4. [apply the patch sent to the list before to fix the "-rpath -L no" bug]
5. [apply your patch]
6. [run your perl script]
7. CC=xlc CPPFLAGS='-I/pkg/include/openssl -I/pkg/include/db2 -I/pkg/include' LDFLAGS=-L/pkg/lib ./configure
8. gmake
Result:
[...]
xlc -g -o verify_krb5_conf verify_krb5_conf.o  -L/pkg/lib ./.libs/libkrb5.a /pkg/maint/build/tmp/tmp2/heimdal-0.3d/lib/asn1/.libs/libasn1.a /pkg/maint/build/tmp/tmp2/heimdal-0.3d/lib/roken/.libs/libroken.a -lcrypto ../../lib/asn1/.libs/libasn1.a ../../lib/vers/.libs/libvers.a ../../lib/roken/.libs/libroken.a -ldb
ld: 0711-317 ERROR: Undefined symbol: .des_new_random_key
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.

You have written "The changes work on all platforms.". The above error
message is on AIX. Shall I repeat the process on Solaris or on Linux to make
you believe? (If you really want, I have an account on a DG-UX machine so I
can also try it there...)

I understand that *BSD ships a modified libcrypto library so your changes
might be fine for *BSD. But do not claim that it is for supporting
OpenSSL in general.

I have a _working_ Heimdal linked with OpenSSL's libcrypto on 3 different
operating systems...

> > Your proposed changes. If there is no /dev/urandom, the RNG will not be
> > seeded.
> 
> That's not true.  The changes I posted do not change how anything is
> seeded.   

Yes, they do. If you are using OpenSSL, you have to use its random number
generator instead of Heimdal's (the latter is simply not built and is broken
anyway; have you tried using Pine4.31 with IMAP-GSS?). And the RNG must be
seeded somehow. If you have /dev/urandom, OpenSSL will do this
automatically on a call to des_random_key(), otherwise you have to do it
yourself.

Gabor

-- 
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary
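
An added illustration of the seeding point in the message above (not part of the original post, and not Heimdal or OpenSSL code): a startup check that refuses to generate keys unless OpenSSL's RAND_status() reports the PRNG as seeded, falling back to RAND_load_file() when it does not. The seed.bin path, the rng_ops wrapper and the sim_* stand-in are assumptions made for the example; build with -DUSE_OPENSSL and -lcrypto to bind the real calls.

```c
/* Added example, not Heimdal or OpenSSL source: fail closed if the PRNG is unseeded. */
#include <stdio.h>
#ifdef USE_OPENSSL                 /* real build: cc -DUSE_OPENSSL seed.c -lcrypto */
#include <openssl/rand.h>
#endif

/* The two PRNG calls the policy depends on, so it can run without libcrypto. */
struct rng_ops {
    int (*status)(void);                          /* 1 = seeded with enough data */
    int (*load_file)(const char *path, long max); /* returns bytes mixed in */
};

/* Returns 0 when keys may be generated, -1 when the caller must stop. */
int ensure_seeded(const struct rng_ops *ops, const char *seed_file, long want)
{
    if (ops->status() == 1)
        return 0;                  /* e.g. the library seeded itself from /dev/urandom */
    if (seed_file == NULL || ops->load_file(seed_file, want) < want)
        return -1;                 /* no seed source, or a short/missing file */
    return ops->status() == 1 ? 0 : -1;
}

#ifdef USE_OPENSSL
static const struct rng_ops ops = { RAND_status, RAND_load_file };
#else
/* Constructed stand-in for a host without /dev/urandom: the pool starts empty. */
static long sim_pool, sim_file_len;   /* bytes in the pool / bytes in the seed file */
static int sim_status(void) { return sim_pool >= 32; }
static int sim_load_file(const char *path, long max)
{
    long n = sim_file_len < max ? sim_file_len : max;
    (void)path;
    sim_pool += n;
    return (int)n;
}
static const struct rng_ops ops = { sim_status, sim_load_file };
#endif

int main(void)
{
    /* "seed.bin" is a hypothetical file of locally collected random bytes. */
    if (ensure_seeded(&ops, "seed.bin", 32) != 0) {
        fprintf(stderr, "PRNG not seeded; refusing to generate keys\n");
        return 1;
    }
    puts("PRNG seeded");
    return 0;
}
```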