openssl and krb5 problems with cvs HEAD
On my Red Hat 9 machine I'm getting the following error during compile
when configured --with-krb5=/usr/kerberos:
i386-redhat-linux-gcc -O2 -g -Wall -Wmissing-prototypes
-Wmissing-declarations -fpic -I. -I../../../src/include
-I/usr/kerberos/include -DFRONTEND -DSYSCONFDIR='"/etc/sysconfig/pgsql"'
-c -o fe-auth.o fe-auth.c -MMD
fe-auth.c: In function `pg_krb5_sendauth':
fe-auth.c:392: parse error before ')' token
fe-auth.c:368: warning: unused variable `auth_context'
fe-auth.c:369: warning: unused variable `err_ret'
fe-auth.c: At top level:
fe-auth.c:400: warning: type defaults to `int' in declaration of `retval'
fe-auth.c:400: `auth_context' undeclared here (not in a function)
fe-auth.c:401: `sock' undeclared here (not in a function)
fe-auth.c:402: `server' undeclared here (not in a function)
fe-auth.c:405: `err_ret' undeclared here (not in a function)
fe-auth.c:405: initializer element is not constant
fe-auth.c:405: warning: data definition has no type or storage class
fe-auth.c:406: parse error before "if"
fe-auth.c:432: warning: type defaults to `int' in declaration of `ret'
fe-auth.c:432: warning: data definition has no type or storage class
fe-auth.c:433: parse error before '}' token
fe-auth.c:435: warning: type defaults to `int' in declaration of
`krb5_free_principal'
fe-auth.c:435: warning: parameter names (without types) in function
declaration
fe-auth.c:435: conflicting types for `krb5_free_principal'
/usr/kerberos/include/krb5.h:1923: previous declaration of
`krb5_free_principal'
fe-auth.c:435: warning: data definition has no type or storage class
fe-auth.c:437: parse error before "if"
fe-auth.c:442: warning: type defaults to `int' in declaration of `ret'
fe-auth.c:442: redefinition of `ret'
fe-auth.c:432: `ret' previously defined here
fe-auth.c:442: warning: data definition has no type or storage class
fe-auth.c:443: parse error before '}' token
make[3]: *** [fe-auth.o] Error 1
make[3]: Leaving directory `/opt/src/pgsql/src/interfaces/libpq'
Looks like it must be related to Bruce's commit from earlier today right
at line 392:
/pgsql-server/src/interfaces/libpq/fe-auth.c
version 1.77, 2003/05/15 16:35:30
(I'd post a link to webcvs, but it seems to be down for the past few hours)
I also noticed that if I try to configure --with-openssl but *not*
--with-krb5=/usr/kerberos, I get configure errors. The error occurs on a
test involving /usr/include/openssl/kssl.h when <krb5.h> cannot be
found. In /usr/include/openssl/kssl.h I see this:
#ifndef OPENSSL_NO_KRB5
#include <stdio.h>
#include <ctype.h>
#include <krb5.h>
And indeed, if I define CPPFLAGS=-DOPENSSL_NO_KRB5 explicitly all goes
fine. It seems Red Hat puts krb5.h here -- /usr/kerberos/include/krb5.h
-- and that is only found when --with-krb5=/usr/kerberos is specified.
I'm not sure what the proper fix for this is. Perhaps a test in
configure.in like this?
if test "$with_openssl" = yes ; then
if test "$with_krb5" = no ; then
AC_DEFINE(OPENSSL_NO_KRB5, 1,
[Define to build with OpenSSL but not Kerberos 5 support.
(--with-openssl --without-krb5)])
fi
fi
Joe
Joe Conway <mail@joeconway.com> writes:
Looks like it must be related to Bruce's commit from earlier today right
at line 392:
/pgsql-server/src/interfaces/libpq/fe-auth.c
version 1.77, 2003/05/15 16:35:30
Looks like a simple typo --- I've reverted it.
I also noticed that if I try to configure --with-openssl but *not*
--with-krb5=/usr/kerberos, I get configure errors.
Is that a new problem?
And indeed, if I define CPPFLAGS=-DOPENSSL_NO_KRB5 explicitly all goes
fine.
It's not clear to me that we should be mucking with OpenSSL's
configuration symbols. I think filing this as an OpenSSL bug would be
a better choice.
regards, tom lane
Tom Lane wrote:
Looks like a simple typo --- I've reverted it.
Thanks.
I also noticed that if I try to configure --with-openssl but *not*
--with-krb5=/usr/kerberos, I get configure errors.Is that a new problem?
Dunno -- this was the first time I tried that combo (due to the krb5
related failure).
And indeed, if I define CPPFLAGS=-DOPENSSL_NO_KRB5 explicitly all goes
fine.It's not clear to me that we should be mucking with OpenSSL's
configuration symbols. I think filing this as an OpenSSL bug would be
a better choice.
OK. I'll see about contacting them.
Joe
I also noticed that if I try to configure --with-openssl but *not*
--with-krb5=/usr/kerberos, I get configure errors.Is that a new problem?
Dunno -- this was the first time I tried that combo (due to the krb5
related failure).
It's a namespace problem, iirc. Where ever the problem actually lies,
FreeBSD works around with with the below fix to CPPFLAGS and it seems
to be the generally accepted "way" to deal with openssl. I actually
find it surprising that we haven't run across this sooner.
And indeed, if I define CPPFLAGS=-DOPENSSL_NO_KRB5 explicitly all goes
fine.It's not clear to me that we should be mucking with OpenSSL's
configuration symbols. I think filing this as an OpenSSL bug would be
a better choice.OK. I'll see about contacting them.
--
Sean Chittenden
Tom Lane wrote:
And indeed, if I define CPPFLAGS=-DOPENSSL_NO_KRB5 explicitly all goes
fine.It's not clear to me that we should be mucking with OpenSSL's
configuration symbols. I think filing this as an OpenSSL bug would be
a better choice.
It's a problem with RedHat 9, I've faced few days ago trying to compile
Apache+SSL and PHP+SSL.
More details on:
http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=84331
A quick workaround is to define before ./configure
CFLAGS=-I/usr/kerberos/include
Bye.
--
Daniele Orlandi
Planet Srl