Date: Mon, 5 Jun 2006 13:13:56 +0200 (CEST) From: Dan Lukes <dan@obluda.cz> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/98525: [ PATCH ] net/freeradius didn't use non BASE OpenSSL (from ports) Message-ID: <200606051113.k55BDu9r035891@kulesh.obluda.cz> Resent-Message-ID: <200606051120.k55BKMJE014136@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 98525
>Category: ports
>Synopsis: [ PATCH ] net/freeradius didn't use non BASE OpenSSL (from ports)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 05 11:20:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD
>Organization:
Obludarium
>Environment:
>Description:
Lets OS contain OpenSSL installed from ports (in standard LOCALBASE location,
e.g. /usr/local/...; the BASE OpenSSL is still present in apropriate directories).
The freeradius configuration and compilation then use inconsistent mix of
BASE components and PORT components. Configuration problems caused by this mix
may cause the diferent parts of freeradius are compiled with different OpenSSL.
Some of them may be compiled without OpenSSL support (where the configure fail
during test of OpenSSL).
The results may differ on different versions of FreeBSD (because of different
differecies of BASE and PORTS OpenSSL)
On FreeBSD 4.11, where I tried it, it result some unrunnable modules (because
of unresolved symbols):
Error: rlm_eap: Failed to link EAP-Type/tls: /usr/local/lib/rlm_eap_tls-1.1.2.so:
Undefined symbol "cbtls_password"
Error: radiusd.conf[9]: eap: Module instantiation failed.
Error: radiusd.conf[1735] Unknown module "eap".
Error: radiusd.conf[1682] Failed to parse authenticate section.
It's because supporting library has been compiled without OpenSSL
(because configure found it broken), but others part not.
The problem seems to exist on FreeBSD 5 and FreeBSD 6 also, althought
I didn't tried it personally.
>How-To-Repeat:
On system with both base and ports OpenSSL make FreeRadius and run it. Check
/var/log/radius.log for errors
>Fix:
We need to use consistent set of include and librarises. Fortunatelly,
the freeradius's configure has --with-openssl-includes --with-openssl-libraries options
allowing operator to switch off the internal logic and supply the necesarry informations
by hand.
The FreeBSD build system has it's own detection which OpenSSL should be used.
So I used it and passed the results (the ${OPENSSLINC} and ${OPENSSLLIB}) to
the freeradius configure replacing configure's logic by FreeBSD's logic
--- Makefile.ORIG Mon Jun 5 12:12:06 2006
+++ Makefile Mon Jun 5 12:26:34 2006
@@ -25,14 +25,6 @@
USE_GMAKE= yes
USE_PERL5= yes
USE_OPENSSL= yes
-CONFIGURE_ARGS= --prefix=${PREFIX} --quiet --with-logdir=${LOGDIR} \
- --localstatedir=/var \
- --disable-ltdl-install \
- --with-ltdl-include=${LOCALBASE}/include \
- --with-ltdl-lib=${LOCALBASE}/lib \
- --with-large-files --without-rlm_sql_unixodbc \
- --without-rlm_sql_oracle --without-rlm_sql_iodbc \
- --without-rlm_sql_db2
MAKE_ARGS+= LDFLAGS="-L${LOCALBASE}/lib ${PTHREAD_LIBS}"
PLIST_SUB= PORTVERSION=${PORTVERSION}
@@ -47,6 +39,17 @@
.include <bsd.port.pre.mk>
+CONFIGURE_ARGS= --prefix=${PREFIX} --quiet --with-logdir=${LOGDIR} \
+ --localstatedir=/var \
+ --disable-ltdl-install \
+ --with-ltdl-include=${LOCALBASE}/include \
+ --with-ltdl-lib=${LOCALBASE}/lib \
+ --with-large-files --without-rlm_sql_unixodbc \
+ --without-rlm_sql_oracle --without-rlm_sql_iodbc \
+ --without-rlm_sql_db2 \
+ --with-openssl-includes=${OPENSSLINC} \
+ --with-openssl-libraries=${OPENSSLLIB}
+
.if ${ARCH} == amd64
CONFIGURE_ARGS+= --with-pic
.endif
@@ -54,6 +57,7 @@
.if defined(WITH_HEIMDAL) && !defined(WITH_KERBEROS)
WITH_KERBEROS= yes
.endif
+
.ifdef(WITH_KERBEROS)
.ifdef(WITH_HEIMDAL)
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606051113.k55BDu9r035891>