Lets OS contain OpenSSL installed from ports (in standard LOCALBASE location, e.g. /usr/local/...; the BASE OpenSSL is still present in apropriate directories). The freeradius configuration and compilation then use inconsistent mix of BASE components and PORT components. Configuration problems caused by this mix may cause the diferent parts of freeradius are compiled with different OpenSSL. Some of them may be compiled without OpenSSL support (where the configure fail during test of OpenSSL). The results may differ on different versions of FreeBSD (because of different differecies of BASE and PORTS OpenSSL) On FreeBSD 4.11, where I tried it, it result some unrunnable modules (because of unresolved symbols): Error: rlm_eap: Failed to link EAP-Type/tls: /usr/local/lib/rlm_eap_tls-1.1.2.so: Undefined symbol "cbtls_password" Error: radiusd.conf[9]: eap: Module instantiation failed. Error: radiusd.conf[1735] Unknown module "eap". Error: radiusd.conf[1682] Failed to parse authenticate section. It's because supporting library has been compiled without OpenSSL (because configure found it broken), but others part not. The problem seems to exist on FreeBSD 5 and FreeBSD 6 also, althought I didn't tried it personally. Fix: We need to use consistent set of include and librarises. Fortunatelly, the freeradius's configure has --with-openssl-includes --with-openssl-libraries options allowing operator to switch off the internal logic and supply the necesarry informations by hand. The FreeBSD build system has it's own detection which OpenSSL should be used. So I used it and passed the results (the ${OPENSSLINC} and ${OPENSSLLIB}) to the freeradius configure replacing configure's logic by FreeBSD's logic How-To-Repeat: On system with both base and ports OpenSSL make FreeRadius and run it. Check /var/log/radius.log for errors
State Changed From-To: open->closed Committed, thanks!
Kris Kennaway napsal/wrote, On 06/08/06 07:14: > ====================<phase 7: make package>==================== > ===> Building package for freeradius-1.1.2 > tar: lib/rlm_eap_peap-1.1.2.la: Cannot stat: No such file or directory > tar: lib/rlm_eap_peap-1.1.2.so: Cannot stat: No such file or directory > tar: lib/rlm_eap_peap.a: Cannot stat: No such file or directory > tar: lib/rlm_eap_peap.la: Cannot stat: No such file or directory > tar: lib/rlm_eap_peap.so: Cannot stat: No such file or directory > tar: lib/rlm_eap_tls-1.1.2.la: Cannot stat: No such file or directory > tar: lib/rlm_eap_tls-1.1.2.so: Cannot stat: No such file or directory > tar: lib/rlm_eap_tls.a: Cannot stat: No such file or directory > tar: lib/rlm_eap_tls.la: Cannot stat: No such file or directory > tar: lib/rlm_eap_tls.so: Cannot stat: No such file or directory > tar: lib/rlm_eap_ttls-1.1.2.la: Cannot stat: No such file or directory > tar: lib/rlm_eap_ttls-1.1.2.so: Cannot stat: No such file or directory > tar: lib/rlm_eap_ttls.a: Cannot stat: No such file or directory > tar: lib/rlm_eap_ttls.la: Cannot stat: No such file or directory > tar: lib/rlm_eap_ttls.so: Cannot stat: No such file or directory > tar: lib/rlm_otp-1.1.2.la: Cannot stat: No such file or directory > tar: lib/rlm_otp-1.1.2.so: Cannot stat: No such file or directory > tar: lib/rlm_otp.a: Cannot stat: No such file or directory > tar: lib/rlm_otp.la: Cannot stat: No such file or directory > tar: lib/rlm_otp.so: Cannot stat: No such file or directory It seems the radius has rejected the "OpenSSL from BASE" and skipped compation of the OpenSSL related modules. Well. The problem starts when I need to install OpenSSL from PORTs because of bug in base system OpenSSL. Now, the radius still have the problem with base OpenSSL. So I recommend to force freeradius dependence to OpenSSL from ports on FreeBSD 4. It's hack a lot, may be, there is a better solution, but I don't know one for now. Dan -- Dan Lukes SISAL MFF UK AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz
Dan Lukes pí¹e v èt 08. 06. 2006 v 10:36 +0200: > Kris Kennaway napsal/wrote, On 06/08/06 07:14: > > ====================<phase 7: make package>==================== > > ===> Building package for freeradius-1.1.2 > > tar: lib/rlm_eap_peap-1.1.2.la: Cannot stat: No such file or directory > > tar: lib/rlm_eap_peap-1.1.2.so: Cannot stat: No such file or directory > > tar: lib/rlm_eap_peap.a: Cannot stat: No such file or directory > > tar: lib/rlm_eap_peap.la: Cannot stat: No such file or directory > > tar: lib/rlm_eap_peap.so: Cannot stat: No such file or directory > > tar: lib/rlm_eap_tls-1.1.2.la: Cannot stat: No such file or directory > > tar: lib/rlm_eap_tls-1.1.2.so: Cannot stat: No such file or directory > > tar: lib/rlm_eap_tls.a: Cannot stat: No such file or directory > > tar: lib/rlm_eap_tls.la: Cannot stat: No such file or directory > > tar: lib/rlm_eap_tls.so: Cannot stat: No such file or directory > > tar: lib/rlm_eap_ttls-1.1.2.la: Cannot stat: No such file or directory > > tar: lib/rlm_eap_ttls-1.1.2.so: Cannot stat: No such file or directory > > tar: lib/rlm_eap_ttls.a: Cannot stat: No such file or directory > > tar: lib/rlm_eap_ttls.la: Cannot stat: No such file or directory > > tar: lib/rlm_eap_ttls.so: Cannot stat: No such file or directory > > tar: lib/rlm_otp-1.1.2.la: Cannot stat: No such file or directory > > tar: lib/rlm_otp-1.1.2.so: Cannot stat: No such file or directory > > tar: lib/rlm_otp.a: Cannot stat: No such file or directory > > tar: lib/rlm_otp.la: Cannot stat: No such file or directory > > tar: lib/rlm_otp.so: Cannot stat: No such file or directory > > > It seems the radius has rejected the "OpenSSL from BASE" and skipped > compation of the OpenSSL related modules. > > Well. The problem starts when I need to install OpenSSL from PORTs > because of bug in base system OpenSSL. Now, the radius still have the > problem with base OpenSSL. > > So I recommend to force freeradius dependence to OpenSSL from ports on > FreeBSD 4. It's hack a lot, may be, there is a better solution, but I > don't know one for now. What about skipping these modules on 4.X with base OpenSSL? -- Pav Lucistnik <pav@oook.cz> <pav@FreeBSD.org> May your code work forever and never have a bug.
On Thu, Jun 08, 2006 at 10:36:47AM +0200, Dan Lukes wrote: > Kris Kennaway napsal/wrote, On 06/08/06 07:14: > >====================<phase 7: make package>==================== > >===> Building package for freeradius-1.1.2 > >tar: lib/rlm_eap_peap-1.1.2.la: Cannot stat: No such file or directory > >tar: lib/rlm_eap_peap-1.1.2.so: Cannot stat: No such file or directory > >tar: lib/rlm_eap_peap.a: Cannot stat: No such file or directory > >tar: lib/rlm_eap_peap.la: Cannot stat: No such file or directory > >tar: lib/rlm_eap_peap.so: Cannot stat: No such file or directory > >tar: lib/rlm_eap_tls-1.1.2.la: Cannot stat: No such file or directory > >tar: lib/rlm_eap_tls-1.1.2.so: Cannot stat: No such file or directory > >tar: lib/rlm_eap_tls.a: Cannot stat: No such file or directory > >tar: lib/rlm_eap_tls.la: Cannot stat: No such file or directory > >tar: lib/rlm_eap_tls.so: Cannot stat: No such file or directory > >tar: lib/rlm_eap_ttls-1.1.2.la: Cannot stat: No such file or directory > >tar: lib/rlm_eap_ttls-1.1.2.so: Cannot stat: No such file or directory > >tar: lib/rlm_eap_ttls.a: Cannot stat: No such file or directory > >tar: lib/rlm_eap_ttls.la: Cannot stat: No such file or directory > >tar: lib/rlm_eap_ttls.so: Cannot stat: No such file or directory > >tar: lib/rlm_otp-1.1.2.la: Cannot stat: No such file or directory > >tar: lib/rlm_otp-1.1.2.so: Cannot stat: No such file or directory > >tar: lib/rlm_otp.a: Cannot stat: No such file or directory > >tar: lib/rlm_otp.la: Cannot stat: No such file or directory > >tar: lib/rlm_otp.so: Cannot stat: No such file or directory > > > It seems the radius has rejected the "OpenSSL from BASE" and skipped > compation of the OpenSSL related modules. > > Well. The problem starts when I need to install OpenSSL from PORTs > because of bug in base system OpenSSL. Now, the radius still have the > problem with base OpenSSL. > > So I recommend to force freeradius dependence to OpenSSL from ports > on FreeBSD 4. It's hack a lot, may be, there is a better solution, but I > don't know one for now. Please verify that it's not broken in the same way on other versions too. Kris
Pav Lucistnik napsal/wrote, On 06/08/06 14:54: > What about skipping these modules on 4.X with base OpenSSL? It need depth evaluation. The package has no single configure - modules has it's own configure scripts and it's logic related to openssl seems not to be so consistent - at least on FreeBSD 4 with base OpenSSL. We need to be sure it reject or accept OpenSSL consistently for all compiled components. Even the port is successfully compiled and packaged, it may not be runnable because some symbols may be required by one component (which wish the OpenSSL is present) but not present in other component (which detects no OpenSSL in system). The PR 98525 (this PR) reports this kind of problem. Unfortunately, all my 4.x system are production system with PORT's OpenSSL installed (because the BASE OpenSSL is broken), so I can't do required tests on BASE only system. Your way may be better if you can evaluate all consequences. My way is just hack - it should work in all cases but it's suboptimal on some. Kris Kennaway napsal/wrote, On 06/08/06 15:31: > Please verify that it's not broken in the same way on other versions too. The committed patch should not broke the compilation on 5.x and 6.x with base OpenSSL as supplied parameters are the same as auto detected. On 4.x, 5.x, 6.x with PORT OpenSSL it should work also. The only problematic configuration should be 4.x with BASE OpenSSL due malfunction of freeradius configure system. Well, it's theory, I know. I sucesfully compiled and created package on: 1. 6-STABLE, no PORT OpenSSL 2. 6-STABLE, PORT OpenSSL 3. 4.11-RELEASE-p18, PORT OpenSSL No try to configure and run it on my side with exception of [3] which successfully runs on production server. Dan -- Dan Lukes SISAL MFF UK AKA: dan@obluda.cz, dan@freebsd.cz,dan@kolej.mff.cuni.cz