[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: linking heimdal to an openssl library other than the one in thedefault search path.

Love Hörnquist Åstrand wrote:
> Matthew Andrews <matt@slackers.net> writes:
>>any thoughts on how to get heimdal to be linked against the new
>>version of the openssl library, and to ignore the one /usr?
> If you have Kerberos 4 laying around (either in default path or as
> krb4-config) can cause this. So say more, I would need to look at
> config.log and config.status.
> Love

there's an MIT krb5 install in /usr/kerberos(redhat), but none in /usr.
I tried just going back to linking everything against the openssl in
/usr just to refresh my memory on what the orriginal error I was getting
was. in the case where everything is linked against the stock(CentOS
3.x) openssl(openssl-0.9.7a-33.12) in /usr, I see a core dump with the
following stack trace:

(gdb) n

Program received signal SIGSEGV, Segmentation fault.
0x00d43ff7 in ENGINE_get_RSA () from /lib/libcrypto.so.4
(gdb) where
#0  0x00d43ff7 in ENGINE_get_RSA () from /lib/libcrypto.so.4
#1  0x00d67c10 in EVP_SignFinal () from /lib/libcrypto.so.4
#2  0x00645bc4 in _krb5_pk_create_sign (context=0x8e3d008,
    eContentType=0x2b3d40, eContent=0xbfff7788, id=0x8e3e9e0,
    sd_data=0xbfff7780) at pkinit.c:377
#3  0x00646740 in pk_mk_padata (context=0x8e3d008, compat=3, ctx=0x8e3e9d0,
    req_body=0xbfff9cb8, nonce=3652288311, md=0x8e4f9b0) at pkinit.c:754
#4  0x00646ea0 in _krb5_pk_mk_padata (context=0x8e3d008, c=0x8e3e9d0,
    req_body=0xbfff9cb8, nonce=3652288311, md=0x8e4f9b0) at pkinit.c:877
#5  0x0063bed5 in pa_data_to_md_pkinit (context=0x8e3d008, a=0xbfff9cac,
    client=0x8e4fd38, ctx=0xdd1160, md=0x8e4f9b0) at init_creds_pw.c:1016
#6  0x0063c048 in process_pa_data_to_md (context=0x8e3d008,
    a=0xbfff9cac, ctx=0xbfff9c40, in_md=0xbfff79f8, out_md=0xbfff9cb4,
    prompter=0x8049498 <krb5_prompter_posix>, prompter_data=0x0)
    at init_creds_pw.c:1099
#7  0x0063c3b0 in init_cred_loop (context=0x8e3d008,
    prompter=0x8049498 <krb5_prompter_posix>, prompter_data=0x0,
    ctx=0xbfff9c40, creds=0xbfff9c44, ret_as_reply=0xbfff9b70)
    at init_creds_pw.c:1236
#8  0x0063c899 in krb5_get_init_creds (context=0x8e3d008, creds=0xbfffbf30,
    client=0x8e3e270, prompter=0x8049498 <krb5_prompter_posix>, data=0x0,
    start_time=0, in_tkt_service=0x0, options=0x8e509f8)
    at init_creds_pw.c:1381
---Type <return> to continue, or q <return> to quit---
#9  0x0063caa3 in krb5_get_init_creds_password (context=0x8e3d008,
    creds=0xbfffbf30, client=0x8e3e270, password=0x0,
    prompter=0x8049498 <krb5_prompter_posix>, data=0x0, start_time=0,
    in_tkt_service=0x0, in_options=0x8e4e4c0) at init_creds_pw.c:1504
#10 0x0804a2a9 in get_new_tickets (context=0x8e3d008, principal=0x8e3e270,
    ccache=0x8e3e2c0, ticket_life=0, interactive=1) at kinit.c:543
#11 0x0804aa07 in main (argc=0, argv=0xbfffc4a0) at kinit.c:844

Is this possibly a problem loading the soft-pkcs11.so module?

I will go back and try compiling openssl "-g -O0" and linking against
the new openssl again, and send you info from config.log/config.status.
Is there any info in particular that I should be looking for there? or
should I just stick both files in public afs, and send a pointer?

just fyi the configure line I used when attempting to configure heimdal
with the debugging libraries was "CFLAGS="-g -O0" ./configure
--enable-shared=yes --enable-hdb-openldap-module
--enable-pthread-support --enable-kcm
--with-openssl=/usr/local/openssl-0.9.8/ --with-openldap=/usr --with-x
--enable-pk-init --prefix=/opt/heimdal-20050927-debug"

Please let me know if the stack trace above rings any bells. When I
finish re-building everything with debugging I'll put up the config.log
and config.status.

-Matt Andrews