Date: Wed, 7 Jul 2010 00:14:28 +1000 From: Andrew Reilly <areilly@bigpond.net.au> To: Kostik Belousov <kostikbel@gmail.com> Cc: freebsd-current@freebsd.org, Matthias Andree <mandree@freebsd.org> Subject: Re: Regression in GSSAPI/libxh509 linking? [PR bin/147175] Message-ID: <9BB48431-AF0F-4DEA-8F9F-35830E147E68@bigpond.net.au> In-Reply-To: <20100706134636.GG13238@deviant.kiev.zoral.com.ua> References: <op.vfexgepa1e62zd@merlin.emma.line.org> <20100706085435.GC13238@deviant.kiev.zoral.com.ua> <4C3317C6.3020009@FreeBSD.org> <20100706123325.GF13238@deviant.kiev.zoral.com.ua> <457406E5-0E8C-4DB0-97B3-C8CAA7DD3AD0@bigpond.net.au> <20100706134636.GG13238@deviant.kiev.zoral.com.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Kostik, Thanks for looking at this, On 06/07/2010, at 23:46 , Kostik Belousov wrote: > Ok, this is useful. But, on the HEAD from Jul 2, I cannot reproduce = it, > with conftest.c and command line above. As well as on the stable/8 = that > is approx. one month old. >=20 > On both systems, MD2_* symbols are resolved by libcrypto.so. Check > your instance, do the symbols appear in the library ? On both my 8- and -current (Jul 3) base systems, libcrypto.so has the = MD2_* symbols, and libhx509.so doesn't (but requires to them). = /usr/local/lib/libcrpto.a does *not* have the MD2 symbols. > As a long shot, do you have openssl 1.0 installed from ports ? My -current box does. My 8.1-RC doesn't. > Note the -L /usr/local/lib switch, that causes -lcrypto to be resolved > from /usr/local/lib, if present. AFAIR, 1.0 removed MD2. Ah-ha. So I guess the situation properly is: Not having heimdal installed from ports, the ones that look for gssapi = libs use the base system, and the /usr/bin/krb5-config gssapi --libs = includes -lhx509, which has unresolved MD2_* symbols. The = -L/usr/local/lib on the command line (presumably for other ports = dependencies) makes the linker look in /usr/local/lib/libcrypto, which = is there because of the openssl-1.0 port, and which doesn't have the = MD2_ sybmols. My two "fixes" both kind of work: removing the MD2 = references from the base system's libhx509 make it compatible with the = -lcrypto in ports; adding an explicit dependency on the base system's = libcrypto also works, because that does have the MD2 references. My = 8-stable system presumably works because it doesn't have openssl-1.0 = installed from ports. So: how should I "fix" this, properly, on my -current system? Is it as = simple as installing heimdal from ports? I can't remove openssl-1.0: = that has 191 ports listed in its REQUIRED_BY file. Should ports/security/heimdal be listed as a dependency of the ports = that use GSSAPI? Is it OK for the base system libhx509.so to *not* have an explicit = dependency on libcrypto, even though there seems to be one, and adding = such a dependency seems to "fix" this problem? Cheers, --=20 Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9BB48431-AF0F-4DEA-8F9F-35830E147E68>