Bug 111301

Summary: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
Product: Red Hat Enterprise Linux 3 Reporter: Dan Nuffer <redhatbugzilla>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: rpm
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-19 15:32:38 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 82369    
Bug Blocks:    

Description Dan Nuffer 2003-12-01 15:50:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3.1)
Gecko/20030425

Description of problem:
I'm trying to compile OpenWBEM (http://www.openwbem.org).  It includes
some openssl headers, which in turn try to include krb5.h which isn't
in the standard include dirs.  Here's the compile error:

In file included from /usr/include/openssl/ssl.h:179,
                 from OW_SSLCtxMgr.hpp:37,
                 from OW_SSLSocketImpl.hpp:42,
                 from OW_SSLSocketImpl.cpp:38:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory

The krb5.h header is in /usr/kerberos/include/
This is just wrong, since the openssl headers include them, the
kerberos headers should be someplace where they can be found by the
compiler without having to add -I/usr/kerberos/include to the build.  

OpenWBEM doesn't even know or care about kerberos, and so it should
not be necessary to modify the build to have to include the kerberos
header files.

Version-Release number of selected component (if applicable):
krb5-devel-1.2.7-19

How reproducible:
Always

Steps to Reproduce:
1. Compile something that includes <openssl/ssl.h>
2.
3.
    

Additional info:
Comment 1 steve shapero 2004-01-28 22:07:36 EST
Try doing configure like this:
CPPFLAGS=-I/usr/kerberos/include ./configure 
or where ever your kerberos header files are.
Comment 2 Holger Dippel 2004-02-23 12:20:56 EST
Have an installation of RedHat Enterprise 3 AS with the out-of-the-box
OpenSSL libraries v.0.9.7a

I try to compile ProFTPD with TLS (http://www.proftpd.org/) and it
fails  because it cannot find the krb5.h file referenced by kssl.h in
/usr/include/openssl

Checking the /usr/include/openssl folder, I can only find a krb5_asn.h
file. Any attempts of symoblic linking, renaming, ... doesn't work.

Following the advice in other bug reports and Steve's comment, I
included /usr/kerberos/include and /usr/include/openssl as compiler
flags. Didn't help either.
Comment 3 Holger Dippel 2004-02-23 18:31:00 EST
Just found a solution:

cp /usr/kerberos/include/* /usr/include/openssl

with the standard, latest Kerberos and OpenSSL RPMs before compiling
fixes the problem.

Maybe there could be a more permanent fix in a future RPM release, no?
Comment 4 Carl Brewer 2004-03-01 00:33:55 EST
I'm seeing the same problem trying to compile apache1.3.29 with
mod_ssl 2.8.16 on 
Red Hat Enterprise Linux ES release 3 (Taroon Update 1)

The solution above didn't help, this is the error I'm seeing :

 ===> src/modules/ssl
gcc -c  -I../../os/unix -I../../include   -DLINUX=22 -DMOD_SSL=208116
-DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `../../apaci` -DSSL_COMPAT
-DSSL_USE_SDBM -DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.16\" mod_ssl.c
In file included from /usr/include/openssl/ssl.h:179,
                 from mod_ssl.h:116,
                 from mod_ssl.c:65:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
                 from mod_ssl.h:116,
                 from mod_ssl.c:65:
/usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: syntax error before '*' token

the funny thing is why is it even looking for kerberos?

changing the ssl.h include file to explicitly define OPENSSL_NO_KRB5
and wrapping the #include <openssl/kssl.h> worked at compile time, but
I don't think that's a viable long-term approach.

and a heap more syntax error messages before it bails out.

I did this :
cp -R /usr/kerberos/include/* /usr/include/openssl/.
and am compiling as root to avoid any possible permission problems
(this is a test box :) )
Comment 5 Brian Carp 2004-03-05 12:04:06 EST
I had the same problem trying to install Pine 4.58, which uses OpenSSL.  I didn't want 
to just include the directoy, I was hoping to make the fix a little more universal so 
that I wouldn't run into the problem again.  So I messed around with the header files, 
which probably isn't the best solution, but whatever.  Hopefully there will be a bug fix 
for this.  Anyway, here how I fixed the problem (as root):

cd /usr/include
ln -s /usr/kerberos/include kerberos

File edits:
in /usr/include/openssl/kssl.h
   /usr/kerberos/include/gssapi/gssapi_krb5.h
#include <krb5.h>    -->   #include <kerberos/krb5.h>

in /usr/kerberos/include/krb5.h
#include <profile.h>  -->  #include <kerberos/profile.h>

in /usr/kerberos/include/krb5.h
   /usr/kerberos/include/profile.h
   /usr/kerberos/include/kerberosIV/krb_err.h
#include <com_err.h>  -->  #include <kerberos/com_err.h>

The problem seems to be with the Kerberos include files, in general.  It doesn't seem 
right to me that they'd try to bracket-include files like "profile.h", which is clearly a 
kerberos header file and not a top-level system header file.  "com_err.h" is similary 
problematic; I found a different "com_err.h" file in /usr/include/et (on Redhat 
Enterprise Linux ES 3) which is very different, but again it seems pretty clear that 
these references are to the "com_err.h" file in the kerberos tree.  Anyway, like I said 
this might not be the best solution, but it seems to be a fairly robust one (and not too 
dangerous).
Comment 6 Justin Johnson 2004-04-09 10:12:56 EDT
I got the same error when trying to compile pyOpenSSL 0.5.1 on RedHat 9.

# python setup.py install
/usr/local/lib/python2.3/distutils/dist.py:213: UserWarning: 'licence'
distribution option is deprecated; use 'license'
  warnings.warn(msg)
running install
running build
running build_py
running build_ext
building 'OpenSSL.crypto' extension
gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall
-Wstrict-prototypes -fPIC -I/usr/local/include/python2.3 -c
src/crypto/pkcs7.c -o build/temp.linux-i686-2.3/src/crypto/pkcs7.o
In file included from /usr/include/openssl/ssl.h:179,
                 from src/crypto/x509.h:17,
                 from src/crypto/crypto.h:17,
                 from src/crypto/pkcs7.c:12:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
                 from src/crypto/x509.h:17,
                 from src/crypto/crypto.h:17,
                 from src/crypto/pkcs7.c:12:
/usr/include/openssl/kssl.h:134: parse error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: parse error before '*' token
/usr/include/openssl/kssl.h:137: parse error before '}' token
/usr/include/openssl/kssl.h:149: parse error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:149: parse error before '*' token
/usr/include/openssl/kssl.h:150: parse error before '*' token
/usr/include/openssl/kssl.h:151: parse error before '*' token
/usr/include/openssl/kssl.h:151: parse error before '*' token
/usr/include/openssl/kssl.h:152: parse error before '*' token
/usr/include/openssl/kssl.h:153: parse error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:153: parse error before '*' token
/usr/include/openssl/kssl.h:155: parse error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:155: parse error before '*' token
/usr/include/openssl/kssl.h:157: parse error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:157: parse error before '*' token
/usr/include/openssl/kssl.h:159: parse error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:159: parse error before '*' token
/usr/include/openssl/kssl.h:161: parse error before "context"
/usr/include/openssl/kssl.h:162: parse error before
"kssl_build_principal_2"
/usr/include/openssl/kssl.h:162: parse error before "context"
/usr/include/openssl/kssl.h:165: parse error before "kssl_validate_times"
/usr/include/openssl/kssl.h:165: parse error before "atime"
/usr/include/openssl/kssl.h:167: parse error before "kssl_check_authent"
/usr/include/openssl/kssl.h:167: parse error before '*' token
/usr/include/openssl/kssl.h:169: parse error before "enctype"
In file included from src/crypto/x509.h:17,
                 from src/crypto/crypto.h:17,
                 from src/crypto/pkcs7.c:12:
/usr/include/openssl/ssl.h:909: parse error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: parse error before '}' token
src/crypto/pkcs7.c:14: warning: `CVSid' defined but not used
error: command 'gcc' failed with exit status 1
#
Comment 7 Justin Johnson 2004-04-09 10:24:43 EDT
I got past the problem with pyOpenSSL by adding the following to setup.py:

IncludeDirs = ['/usr/kerberos/include']
Comment 8 Jason Chambers 2004-04-16 06:00:00 EDT
FIX:  When running make:
-------------------------------------
make CPPFLAGS=-I/usr/kerberos/include
-------------------------------------
Comment 9 Matt Kotich 2004-04-16 13:11:48 EDT
I'm also running into the apache 1.3.29 issue on RHEL 3.0.  It really
sucks, because i've tried the cp -R /usr/kerberos/include/*
/usr/openssl/include but I still get the same errors... I actually was
successful in making when I did the CPPFLAGS=-I/usr/kerberos/include
./configure solution, but then our .htaccess files didn't work over
httpsd, although .htaccess works perfect using httpd.  I'm not sure
exactly what's breaking it.

In any case, here's the message I get:

apache_1.3.29]# make
===> src
make[1]: Entering directory `/usr/xxx/apache_1.3.29'
make[2]: Entering directory `/usr/xxx/apache_1.3.29/src'
===> src/os/unix
gcc -c  -I../../os/unix -I../../include -I/usr/local/ssl/include  
-DLINUX=22 -DTARGET=\"httpsd\" -I/usr/include/gdbm -DNO_DL_NEEDED
-DAPACHE_SSL `../../apaci` os.c
gcc -c  -I../../os/unix -I../../include -I/usr/local/ssl/include  
-DLINUX=22 -DTARGET=\"httpsd\" -I/usr/include/gdbm -DNO_DL_NEEDED
-DAPACHE_SSL `../../apaci` os-inline.c
rm -f libos.a
ar cr libos.a os.o os-inline.o
ranlib libos.a
<=== src/os/unix
===> src/ap
gcc -c  -I../os/unix -I../include -I/usr/local/ssl/include  
-DLINUX=22 -DTARGET=\"httpsd\" -I/usr/include/gdbm -DNO_DL_NEEDED
-DAPACHE_SSL `../apaci` ap_cpystrn.c
In file included from /usr/include/openssl/ssl.h:179,
                 from ../include/buff.h:75,
                 from ../include/httpd.h:79,
                 from ap_cpystrn.c:59:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
                 from ../include/buff.h:75,
                 from ../include/httpd.h:79,
                 from ap_cpystrn.c:59:

I wouldn't mind using the CPPFLAGS solution, but, It doesn't seem to
work correctly either (it compiles, but still doesn't work right.) 
and I shouldn't have to.  This is a very basic compilation of a very
basic software, and it works on every other OS that i've tried out of
the box, I expected that RHEL would be no exception to that, and that
it would actually be better than the rest if anything.  Kinda
disappointed in that.. (everything else is great about it, though, I'm
not pissed or anything.)  Hopefully there will be a permanant solution
in the near future.  Until then I'm forced to run an older version of
apache that I somehow got to work.  Compiling 1.3.28 on another server
and bringing the binary over works ok, so that's what I'm doing for
now.. compiling 1.3.29 on another server and bringing it over does not
work, it breaks .htaccess.
Comment 10 Brian Carp 2004-05-12 14:43:20 EDT
This bug is a duplicate of <strike><a href="show_bug.cgi?id=82369" title="CLOSED 
WONTFIX - ssl.h includes kssl.h which includes (not in /usr/include) 
krb5.h">82369</a></strike>, which has been marked as WONTFIX.  I'm not sure 
why it hasn't been marked yet.  (It's marked as a dependency instead, but that's not 
really accurate).
Comment 11 RHEL Product and Program Management 2007-10-19 15:32:38 EDT
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
 
For more information of the RHEL errata support policy, please visit:
http://www.redhat.com/security/updates/errata/
 
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.