Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 5 Jun 2006 13:13:56 +0200 (CEST)
From:      Dan Lukes <dan@obluda.cz>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/98525: [ PATCH ] net/freeradius didn't use non BASE OpenSSL (from ports)
Message-ID:  <200606051113.k55BDu9r035891@kulesh.obluda.cz>
Resent-Message-ID: <200606051120.k55BKMJE014136@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         98525
>Category:       ports
>Synopsis:       [ PATCH ] net/freeradius didn't use non BASE OpenSSL (from ports)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 05 11:20:21 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Dan Lukes
>Release:        FreeBSD
>Organization:
Obludarium
>Environment:


>Description:
	Lets OS contain OpenSSL installed from ports (in standard LOCALBASE location,
e.g. /usr/local/...; the BASE OpenSSL is still present in apropriate directories).

	The freeradius configuration and compilation then use inconsistent mix of 
BASE components and PORT components. Configuration problems caused by this mix 
may cause the diferent parts of freeradius are compiled with different OpenSSL. 
Some of them may be compiled without OpenSSL support (where the configure fail 
during test of OpenSSL).


	The results may differ on different versions of FreeBSD (because of different 
differecies of BASE and PORTS OpenSSL)

	On FreeBSD 4.11, where I tried it, it result some unrunnable modules (because 
of unresolved symbols):

Error: rlm_eap: Failed to link EAP-Type/tls: /usr/local/lib/rlm_eap_tls-1.1.2.so: 
        Undefined symbol "cbtls_password"
Error: radiusd.conf[9]: eap: Module instantiation failed.
Error: radiusd.conf[1735] Unknown module "eap".
Error: radiusd.conf[1682] Failed to parse authenticate section.

	It's because supporting library has been compiled without OpenSSL 
(because configure found it broken), but others part not.

The problem seems to exist on FreeBSD 5 and FreeBSD 6 also, althought 
I didn't tried it personally. 

>How-To-Repeat:
	On system with both base and ports OpenSSL make FreeRadius and run it. Check
	/var/log/radius.log for errors
>Fix:

	We need to use consistent set of include and librarises. Fortunatelly, 
the freeradius's configure has --with-openssl-includes --with-openssl-libraries options
allowing operator to switch off the internal logic and supply the necesarry informations
by hand.

	The FreeBSD build system has it's own detection which OpenSSL should be used.
So I used it and passed the results (the ${OPENSSLINC} and ${OPENSSLLIB}) to
the freeradius configure replacing configure's logic by FreeBSD's logic

--- Makefile.ORIG	Mon Jun  5 12:12:06 2006
+++ Makefile	Mon Jun  5 12:26:34 2006
@@ -25,14 +25,6 @@
 USE_GMAKE=	yes
 USE_PERL5=	yes
 USE_OPENSSL=	yes
-CONFIGURE_ARGS=	--prefix=${PREFIX} --quiet --with-logdir=${LOGDIR} \
-		--localstatedir=/var \
-		--disable-ltdl-install \
-		--with-ltdl-include=${LOCALBASE}/include \
-		--with-ltdl-lib=${LOCALBASE}/lib \
-		--with-large-files --without-rlm_sql_unixodbc \
-		--without-rlm_sql_oracle --without-rlm_sql_iodbc \
-		--without-rlm_sql_db2
 MAKE_ARGS+=	LDFLAGS="-L${LOCALBASE}/lib ${PTHREAD_LIBS}"
 
 PLIST_SUB=	PORTVERSION=${PORTVERSION}
@@ -47,6 +39,17 @@
 
 .include <bsd.port.pre.mk>
 
+CONFIGURE_ARGS=	--prefix=${PREFIX} --quiet --with-logdir=${LOGDIR} \
+		--localstatedir=/var \
+		--disable-ltdl-install \
+		--with-ltdl-include=${LOCALBASE}/include \
+		--with-ltdl-lib=${LOCALBASE}/lib \
+		--with-large-files --without-rlm_sql_unixodbc \
+		--without-rlm_sql_oracle --without-rlm_sql_iodbc \
+		--without-rlm_sql_db2 \
+		--with-openssl-includes=${OPENSSLINC} \
+		--with-openssl-libraries=${OPENSSLLIB}
+
 .if ${ARCH} == amd64
 CONFIGURE_ARGS+=	--with-pic
 .endif
@@ -54,6 +57,7 @@
 .if defined(WITH_HEIMDAL) && !defined(WITH_KERBEROS)
 WITH_KERBEROS=	yes
 .endif
+
 
 .ifdef(WITH_KERBEROS)
 .ifdef(WITH_HEIMDAL)
>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606051113.k55BDu9r035891>