[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

linking heimdal to an openssl library other than the one in the defaultsearch path.


I am trying to set up heimdal pkinit to use opensc's engine-pkcs11, and
Love's soft-pkcs11. I was having difficulty(kinit core dumping in
openssl somewhere) so went to build heimdal against an openssl that was
built with debugging enabled. I was able to build opensc against the new
openssl, however even when I pass
"--with-openssl=/usr/local/openssl-0.9.8" to the heimdal configure, I
still end up with heimdal binaries that are linked against the system
openssl libraries.

when I run kinit in gdb and walk through eval_pairs(), I get a failure
when running ENGINE_ctrl_cmd_string() for the LOAD comand.

and when I print context->error_string after the krb5_set_error_string()
call I see the following:

(gdb) p context->error_string
$1 = 0x99ff4c8 "PKINIT: Failed precommand (dynamic - LOAD:(NULL)):
error:260B6091:engine routines:DYNAMIC_LOAD:version incompatibility"

I began getting this error after re-compiling opensc against the version
of openssl that I built with debugging.

ldd of kinit shows the following:

% ldd /opt/heimdal-20050927-debug/bin/kinit
        libkafs.so.0 => /opt/heimdal-20050927-debug/lib/libkafs.so.0
        libkrb5.so.17 => /opt/heimdal-20050927-debug/lib/libkrb5.so.17
        libasn1.so.5 => /opt/heimdal-20050927-debug/lib/libasn1.so.5
        libroken.so.16 => /opt/heimdal-20050927-debug/lib/libroken.so.16
        libdl.so.2 => /lib/libdl.so.2 (0x007be000)
        libcom_err.so.1 =>
/opt/heimdal-20050927-debug/lib/libcom_err.so.1 (0x00b2a000)
        libdb-4.1.so => /lib/libdb-4.1.so (0x00f28000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x00111000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x0013e000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00831000)
        libc.so.6 => /lib/tls/libc.so.6 (0x002bc000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00cf7000)

any thoughts on how to get heimdal to be linked against the new version
of the openssl library, and to ignore the one /usr?