Some inconsistencies concerning OpenSSL include configuration in FRS 3

Dr. Andreas Rieke rieke at isl.de
Sun Jul 27 00:10:22 CEST 2014 

On 26 Jul 2014, at 20:56, Arran Cudbard-Bell wrote:
>
> On 26 Jul 2014, at 14:13, Dr. Andreas Rieke <rieke at isl.de> wrote:
>
>> On 26 Jul 2014, at 17:31, Arran Cudbard-Bell wrote:
>>
>>>> However, there is another problem which causes the make process to fail; the problem occurs with rlm_always first:
>>>>>>> CC /home/freeradius/freeradius-server-3.0.3/src/modules/rlm_always/rlm_always.c
>>>>>>> In file included from /home/freeradius/freeradius-server-3.0.3/src/freeradius-devel/radiusd.h:59,
>>>>>>>                from /home/freeradius/freeradius-server-3.0.3/src/modules/rlm_always/rlm_always.c:27:
>>>>>>> /home/freeradius/freeradius-server-3.0.3/src/freeradius-devel/tls.h:39:25: error: openssl/err.h: No such file or directory
>>>>>>> /home/freeradius/freeradius-server-3.0.3/src/freeradius-devel/tls.h:41:30: error: openssl/engine.h: No such file or directory
>>>>>>> /home/freeradius/freeradius-server-3.0.3/src/freeradius-devel/tls.h:43:25: error: openssl/ssl.h: No such file or directory
>>>>> I already tried to use an environment variable CPPFLAGS="-I /opt/openssl/include" for the main configure script, but that did not help. What else can I do to convice FreeRADIUS to use the correct OpenSSL system?
>>> You'd set it in Make.inc.
>>>
>>> With v3.0.x head
>>>
>>> Works for me with v3.0.x...
>>>
>>> ./configure --with-openssl-lib-dir=/usr/local/opt/openssl/lib --with-openssl-include-dir=/usr/local/opt/openssl/include
>>> ...
>>> checking OpenSSL library and header version consistency... library: 1000108f header: 1000108f... yes
>>> ...
>>>
>>> LINK build/lib/libfreeradius-radius.la
>>> CC /Users/arr2036/Documents/Repositories/freeradius-server-master/src/tests/rbmonkey.c
>>> LINK build/bin/rbmonkey
>>> CC /Users/arr2036/Documents/Repositories/freeradius-server-master/src/modules/rlm_always/rlm_always.c
>>> LINK build/lib/rlm_always.la
>>
>> Hi again,
>>
>> first thanks a lot for your answer. Things work exactly as you said - in 3.0.2, but not in 3.0.3.
>>
>> The Make.inc file already contains the correct parameters - even without the parameter CPPFLAGS="-I /opt/openssl/include" for the configuration script:
>>> CPPFLAGS        =     -isystem /opt/openssl/include
>> If you pass CPPFLAGS="-I /opt/openssl/include" to the configure script, you get the path twice:
>>> CPPFLAGS        =     -isystem /opt/openssl/include   -I /opt/openssl/include
>>
>> However, in both cases make fails compiling the module rlm_always because the
>> system can not find openssl/err.h and other openssl header files. Is it
>> possible that there are system openssl header files on your machine, maybe in
>> /usr/local/include or in /opt/include, which the preprocessor uses? I am sure that such files do not exist on my machine. Could this be the rason why make runs well on your system, but not on my machine?
>
> No. The runtime version compatibility checks use the OpenSSL version from a macro
> in the OpenSSL include files.
>
> If it were using the system OpenSSL header files, and non system libraries the server
> would error out on startup (which it doesn't).
>
> Could you try with the v3.0.x branch and see if it's been fixed. I remember Alan 
> complaining about it not working correctly, but I can't remember if his issues
> were fixed before 3.0.3 was released or after.

Hi,

let me start with the good news: The main problem is solved, rlm_always and
all other files now compile without errors.
However, we have also bad news, let me explain step by step:

1. The current v3.0.x source does not compile because of a problem in pcap.c.
There is no pcap installed on my machine, and configure has detected that correctly.
However, there are two functions at the end of pcap.c which are not included 
in the "#ifdef HAVE_LIBPCAP" and for that reason, the compiler creates errors. 
If you simply put everything in pcap.c between the "#ifdef HAVE_LIBPCAP" and 
"#endif", everything works well on my machine.

2. The configuration for types/rlm_eap_pwd does not yet work:
> checking for openssl/ec.h... no
> checking for openssl/ec.h in /usr/local/include/... no
> checking for openssl/ec.h in /opt/include/... no
> checking for OpenSSL support... yes
> checking for EVP_sha256 in -lc -lcrypto -lssl... no
> configure: WARNING: EVP_sha256 not found, may have issues wirh WiMAX certificates
> checking for EC_GROUP_free... no
> configure: WARNING: silently not building rlm_eap_pwd.
> configure: WARNING: FAILURE: rlm_eap_pwd requires: EC_GROUP_free.
I am sure that ec.h is in the directory where it should be.

3. The configuration of src/modules/rlm_unbound does not yet work:
> checking for openssl/crypto.h... no
> checking for openssl/crypto.h in /usr/local/include/... no
> checking for openssl/crypto.h in /opt/include/... no
> configure: WARNING: silently not building rlm_unbound.
> configure: WARNING: FAILURE: rlm_unbound requires:  libunbound unbound.h openssl/crypto.h.
Again, I am sure that openssl/crypto.h is in place and readable by the compiler.

4. This issue is about src/modules/rlm_wimax:
> checking openssl/hmac.h usability... no
> checking openssl/hmac.h presence... no
> checking for openssl/hmac.h... no
> configure: WARNING: silently not building rlm_wimax.
> configure: WARNING: FAILURE: rlm_wimax requires:  openssl/hmac.h.

5. The last issue is good news again: The problems with the otp configuration are solved.

Please let me know if I can help you with these issues,

best regards,

Andreas

More information about the Freeradius-Users mailing list