| Summary: | Link failure with openssl 0.9.8 | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Tom Schulz <schulz> | ||||
| Component: | Build system | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | normal | CC: | djm, joann.coffaro | ||||
| Priority: | P2 | ||||||
| Version: | 4.4p1 | ||||||
| Hardware: | All | ||||||
| OS: | HP-UX | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 1803 | ||||||
| Attachments: |
|
||||||
|
Description
Tom Schulz
2006-11-11 07:36:10 AEDT
If I follow a hint in the openssl changes file and add -DOPENSSL_NO_DEPRECATED to the c flags, I get an error much earlier. cc -O -DOPENSSL_NO_DEPRECATED -I. -I. -I/opt/local/include -I/opt/local /include -DSSHDIR=\"/opt/local/etc\" -D_PATH_SSH_PROGRAM=\"/opt/local /bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/opt/local/libexec/ssh-askpass \" -D_PATH_SFTP_SERVER=\"/opt/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/opt/local/libexec/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/em pty\" -DSSH_RAND_HELPER=\"/opt/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H -c kexdhc.c "kexdhc.c", line 68: improper member use: pub_key "kexdhc.c", line 113: warning: implicit function declaration: DH_size "kexdhc.c", line 115: warning: implicit function declaration: DH_compute_key "kexdhc.c", line 132: improper member use: pub_key "kexdhc.c", line 139: warning: implicit function declaration: DH_free cc: acomp failed for kexdhc.c *** Error code 2 make: Fatal error: Command failed for target `kexdhc.o' Where did you put the openssl install, and what configure options did you use? I suspect that OpenSSL has converted DSA_generate_parameters and RSA_generate_key from functions to a compatibility #defines, and that you have an old version of the headers in your include path somewhere. Openssl 0.9.8d was built as follows: ./Configure shared --prefix=/opt/local enable-rc5 enable-mdc2 zlib-dynamic -DOPENSSL_NO_DEPRECATED -I/opt/local/include -R/opt/local/lib solaris-sparcv7-cc Ah! I expect that you need it to be built without the '-DOPENSSL_NO_DEPRECATED'. I will try that and see if that helps. There are compatibility versons of those functions in crypto/dsa/dsa_depr.c and crypto/rsa/rsa_depr.c in the openssl source. Rebuilding Openssl 0.9.8d without '-DOPENSSL_NO_DEPRECATED' fixed the undefined symbol problem. Note that the Openssl 0.9.7 build was also done with '-DOPENSSL_NO_DEPRECATED'. Perhaps DSA_generate_parameters and RSA_generate_key were not deprecated in that version. Your call as to whether this is a bug or not. The Openssl people do suggest building with '-DOPENSSL_NO_DEPRECATED' defined. (In reply to comment #4) > Your call as to whether this is a bug or not. The Openssl people do > suggest building with '-DOPENSSL_NO_DEPRECATED' defined. From what I can see the problem with that is that the replacement functions don't exist in OpenSSL 0.9.7x or earlier, which OpenSSH supports, so it would have to carry compatibility code for OpenSSL instead. I'd prefer not to have to do that. Created attachment 1914 [details]
/home/djm/ssh-openssl-no-deprecated.diff
remove use of "deprecated" functions
This patch has been committed. It will be in OpenSSH 5.7. Move resolved bugs to CLOSED after 5.7 release |