[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal and OpenSSL


Ok, I've read the thread again. You have written: "Once this is done, then
Heimdal can be built against OpenSSL 0.9.6 or later".

Now let's see:

1. Download & install OpenSSL 0.9.6 - I think no questions here.
2. gzip -dc ~/heimdal-0.3d.tar.gz | tar xf -
3. cd heimdal-0.3d
4. [apply the patch sent to the list before to fix the "-rpath -L no" bug]
5. [apply your patch]
6. [run your perl script]
7. CC=xlc CPPFLAGS='-I/pkg/include/openssl -I/pkg/include/db2 -I/pkg/include' LDFLAGS=-L/pkg/lib ./configure
8. gmake
xlc -g -o verify_krb5_conf verify_krb5_conf.o  -L/pkg/lib ./.libs/libkrb5.a /pkg/maint/build/tmp/tmp2/heimdal-0.3d/lib/asn1/.libs/libasn1.a /pkg/maint/build/tmp/tmp2/heimdal-0.3d/lib/roken/.libs/libroken.a -lcrypto ../../lib/asn1/.libs/libasn1.a ../../lib/vers/.libs/libvers.a ../../lib/roken/.libs/libroken.a -ldb
ld: 0711-317 ERROR: Undefined symbol: .des_new_random_key
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more information.

You have written "The changes work on all platforms.". The above error
message is on AIX. Shall I repeat the process on Solaris or on Linux to make
you beleive? (If you really want, I have an account on a DG-UX machine so I
can also try it there...)

I understand that *BSD ships a modified libcrypto library so your changes
might be fine for *BSD. But do not claim that it is for supporting
OpenSSL in general.

I have a _working_ Heimdal linked with OpenSSL's libcrypto on 3 different
operating systems...

> > Your proposed changes. If there is no /dev/urandom, the RNG will not be
> > seeded.
> That's not true.  The changes I posted do not change how anything is
> seeded.   

Yes, they do. If you are using OpenSSL, you have to use its random number
generator instead of Heimdal's (the later is simply not built and is broken
anyway; have you tried using Pine4.31 with IMAP-GSS?). And the RNG must be
seeded somehow. If you have /dev/urandom, OpenSSL will do this
automatically on a call to des_random_key(), otherwise you have to do it


Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary