Some inconsistencies concerning OpenSSL include configuration in FRS 3
Dr. Andreas Rieke
rieke at isl.de
Sun Jul 27 22:09:10 CEST 2014
Alan DeKok wrote:
> Dr. Andreas Rieke wrote:
>> On 26 Jul 2014, at 20:56, Arran Cudbard-Bell wrote:
>> 1. The current v3.0.x source does not compile because of a problem in pcap.c.
>> There is no pcap installed on my machine, and configure has detected that correctly.
>> However, there are two functions at the end of pcap.c which are not included
>> in the "#ifdef HAVE_LIBPCAP" and for that reason, the compiler creates errors.
>> If you simply put everything in pcap.c between the "#ifdef HAVE_LIBPCAP" and
>> "#endif", everything works well on my machine.
>
> I've pushed a fix.
Thanks - I have tested it, it works great.
>> 2. The configuration for types/rlm_eap_pwd does not yet work:
>>> checking for openssl/ec.h... no
>>> checking for openssl/ec.h in /usr/local/include/... no
>>> checking for openssl/ec.h in /opt/include/... no
>>> checking for OpenSSL support... yes
>>> checking for EVP_sha256 in -lc -lcrypto -lssl... no
>>> configure: WARNING: EVP_sha256 not found, may have issues wirh WiMAX certificates
>>> checking for EC_GROUP_free... no
>>> configure: WARNING: silently not building rlm_eap_pwd.
>>> configure: WARNING: FAILURE: rlm_eap_pwd requires: EC_GROUP_free.
>> I am sure that ec.h is in the directory where it should be.
>
> Is it in the directories which are printed out above?
>
> What does the "config.log" file say? i.e.
> src/modules/rlm_eap/types/rlm_eap_pwd/config.log It should be filled
> with logs from all of the attempts to compile the source.
>
>> 3. The configuration of src/modules/rlm_unbound does not yet work:
>>> checking for openssl/crypto.h... no
>>> checking for openssl/crypto.h in /usr/local/include/... no
>>> checking for openssl/crypto.h in /opt/include/... no
>>> configure: WARNING: silently not building rlm_unbound.
>>> configure: WARNING: FAILURE: rlm_unbound requires: libunbound unbound.h openssl/crypto.h.
>> Again, I am sure that openssl/crypto.h is in place and readable by the compiler.
>
> The same comments apply as above.
>
>> 4. This issue is about src/modules/rlm_wimax:
>>> checking openssl/hmac.h usability... no
>>> checking openssl/hmac.h presence... no
>>> checking for openssl/hmac.h... no
>>> configure: WARNING: silently not building rlm_wimax.
>>> configure: WARNING: FAILURE: rlm_wimax requires: openssl/hmac.h.
>
> The same comments apply here, too.
Let us merge the three problems types/rlm_eap_pwd, src/modules/rlm_unbound and src/modules/rlm_wimax: All of the configuration scripts are somehow called by the main configuration script, and the two parameters for the OpenSSL directories are passed to each of the three "sub" configuration scripts. However, in contrast to the main configure script, none of the three knows the parameters for the OpenSSL directories:
> [rieke at archer freeradius-server-2014-07-27_21-23]$ grep -i openssl-.*-dir configure src/modules/rlm_eap/types/rlm_eap_pwd/configure src/modules/rlm_unbound/configure src/modules/rlm_wimax/configure
> configure: --with-openssl-lib-dir=DIR
> configure: --with-openssl-include-dir=DIR
> configure:# Check whether --with-openssl-lib-dir was given.
> configure:# Check whether --with-openssl-include-dir was given.
> configure:as_fn_error $? "failed linking to libssl. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
> configure:as_fn_error $? "failed linking to libcrypto. Use --with-openssl-lib-dir=<path>, or --with-openssl=no (builds without OpenSSL)
> configure:as_fn_error $? "failed locating OpenSSL headers. Use --with-openssl-include-dir=<path>, or --with-openssl=no (builds without OpenSSL)
For that reason, the config.log files show that the parameters are passed correctly to the configure "sub" script, but since these parameters are ignored the compiler is not able to find the header files. The following log lines are from rlm_eap_pwd, but the others have the same problem:
> configure:2758: checking for openssl/ec.h
> configure:2773: gcc -c -g -O2 conftest.c >&5
> conftest.c:10:30: error: openssl/ec.h: No such file or directory
...
> configure:2850: checking for openssl/ec.h in /usr/local/include/
> configure:2865: gcc -c -g -O2 -isystem /usr/local/include/ conftest.c >&5
> conftest.c:10:30: error: openssl/ec.h: No such file or directory
...
> configure:2850: checking for openssl/ec.h in /opt/include/
> configure:2865: gcc -c -g -O2 -isystem /opt/include/ conftest.c >&5
> conftest.c:10:30: error: openssl/ec.h: No such file or directory
I am quite sure that FRS compiles without problems on many other systems, but in those cases, the compiler takes the OpenSSL header files from the system and not from the specified directories - on my machine, I have removed the openssl-devel RPM package (CentOS), and thus, I get that failure. However, maybe the failure is better than a wrong header file...
When I pass 'CPPFLAGS="-I /opt/openssl/include"' to the main configure script, the problems are solved for the headers - as an example, ec.h is found immediately. However, FRS still uses the system libraries :-(
> checking for openssl/ec.h... yes
> checking for OpenSSL support... yes
> checking for EVP_sha256 in -lc -lcrypto -lssl... no
> configure: WARNING: EVP_sha256 not found, may have issues wirh WiMAX certificates
Please let me know if I can do anything to help you solving the issue,
Andreas
More information about the Freeradius-Users
mailing list