Bug 708550

Summary: mod_auth_cas cannot be loaded after update to RHEL 6.1
Product: [Fedora] Fedora EPEL Reporter: Jimmy Ngo <jimmyngo>
Component: mod_auth_casAssignee: Adam Miller <maxamillion>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: el6CC: bugzilla, eric.eisenhart, maxamillion, tremble, treydock, viorel
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: mod_auth_cas-1.1-3.fc25 mod_auth_cas-1.1-3.el6 mod_auth_cas-1.1-3.el7 mod_auth_cas-1.1-3.fc23 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-23 16:26:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
SRPM for version 1.0.9.1 none

Description Jimmy Ngo 2011-05-27 23:23:20 UTC 
Description of problem:
mod_auth_cas cannot be loaded by Apache after updating to RHEL 6.1. It was working fine on RHEL 6.0 before the update. I assume some shared library update caused this.

Version-Release number of selected component (if applicable):
mod_auth_cas.x86_64               1.0.8.1-2.el6

How reproducible:
Reproduced on a freshly installed RHEL 6.0 machine after updating to RHEL 6.1.

Steps to Reproduce:
1. Update to RHEL 6.1
2. Try to load mod_auth_cas into Apache
  
Actual results:
Cannot load /etc/httpd/modules/mod_auth_cas.so into server: /etc/httpd/modules/mod_auth_cas.so: undefined symbol: SSL_connect

Expected results:
mod_auth_cas should load in Apache as it did with RHEL 6.0.

Additional info:
ldd suggests that the only shared library is libc.so.6 although, it seems that SSL_connect is part of openssl. I've also tried installing the compatibility version (openssl098e) from the RHEL repo, but that did not fix the problem either.
Comment 1 Jimmy Ngo 2011-06-03 00:47:58 UTC 
After further investigation, it appears that the recent update with openldap caused mod_auth_cas to not find the openldap libraries. mod_auth_cas.so should be linked to libssl to provide the SSL_connect symbol.

https://rhn.redhat.com/errata/RHBA-2011-0673.html
Comment 2 Jimmy Ngo 2011-06-03 01:00:46 UTC 
Alternatively, the default conf file should have an IfModule directive to load mod_ssl before trying to load mod_auth_cas

--- auth_cas.conf.old   2011-06-02 17:59:51.000000000 -0700
+++ auth_cas.conf       2011-06-02 17:58:53.000000000 -0700
@@ -2,5 +2,8 @@
 # mod_auth_cas is an Apache 2.0/2.2 compliant module that supports the
 # CASv1 and CASv2 protocols
 #
+<IfModule !mod_ssl.c>
+LoadModule ssl_module modules/mod_ssl.so
+</IfModule>
 
 LoadModule auth_cas_module modules/mod_auth_cas.so
Comment 3 Eric Eisenhart 2011-08-17 20:49:37 UTC 
*** Bug 731547 has been marked as a duplicate of this bug. ***
Comment 4 Trey Dockendorf 2011-10-18 16:59:41 UTC 
Added the mod_ssl IfModule directive to auth_cas.conf fixed this problem for me.
Comment 5 Fedora Update System 2011-10-18 17:47:20 UTC 
mod_auth_cas-1.0.8.1-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mod_auth_cas-1.0.8.1-3.el6
Comment 6 Fedora Update System 2011-10-24 15:37:34 UTC 
Package mod_auth_cas-1.0.8.1-3.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing mod_auth_cas-1.0.8.1-3.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4731
then log in and leave karma (feedback).
Comment 7 Viorel Tabara 2011-11-03 22:28:54 UTC 
The fix requires mod_ssl but the RPM package does not require it?

   $ rpm -qpRi mod_auth_cas-1.0.8.1-3.el6.i686.rpm
   config(mod_auth_cas) = 1.0.8.1-3.el6
   httpd  
   libc.so.6  
   libc.so.6(GLIBC_2.0)  
   libc.so.6(GLIBC_2.1.3)  
   libc.so.6(GLIBC_2.3.4)  
   libc.so.6(GLIBC_2.4)  
   rpmlib(CompressedFileNames) <= 3.0.4-1
   rpmlib(FileDigests) <= 4.6.0-1
   rpmlib(PayloadFilesHavePrefix) <= 4.0-1
   rtld(GNU_HASH)  
   rpmlib(PayloadIsXz) <= 5.2-1
   Name        : mod_auth_cas                 Relocations: (not relocatable)
   Version     : 1.0.8.1                           Vendor: Fedora Project
   Release     : 3.el6                         Build Date: Tue 18 Oct 2011 11:42:09 AM MDT
   Install Date: (not installed)               Build Host: x86-17.phx2.fedoraproject.org
   Group       : System Environment/Daemons    Source RPM: mod_auth_cas-1.0.8.1-3.el6.src.rpm
   Size        : 55906                            License: GPLv3+ with exceptions
   Signature   : (none)
   Packager    : Fedora Project
   URL         : http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas
   Summary     : Apache 2.0/2.2 compliant module that supports the CASv1 and CASv2 protocols
   Description :
   mod_auth_cas is an Apache 2.0/2.2 compliant module that supports the CASv1
   and CASv2 protocols
Comment 8 Trey Dockendorf 2011-11-03 23:12:10 UTC 
That fixes this but I get this warning when restarting apache
-------------

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu Nov 03 18:09:24 2011] [warn] module ssl_module is already loaded, skipping
                                                           [  OK  ]


To solve I added this to my ssl.conf
-------------
<IfModule !mod_ssl.c>
        LoadModule ssl_module modules/mod_ssl.so
</IfModule>

I also noticed the same thing, that mod_auth_cas does not automatically require mod_ssl in yum.
Comment 9 Aaron Howell 2013-01-24 06:02:39 UTC 
Created attachment 686472 [details]
SRPM for version 1.0.9.1

I have created a RPM for ourselves based off of 1.0.8.1 SRPM - I've updated to the lastest release (1.0.9.1) available from github and patched in a further fix for a build issue. It appears the "SSL_connect" issue has been resolved in this version for 6.1
Comment 10 Fedora Update System 2016-09-02 22:28:42 UTC 
mod_auth_cas-1.1-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d103f54e1
Comment 11 Fedora Update System 2016-09-02 22:28:57 UTC 
mod_auth_cas-1.1-3.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f10bc2847b
Comment 12 Fedora Update System 2016-09-02 22:29:07 UTC 
mod_auth_cas-1.1-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe566c7cc3
Comment 13 Fedora Update System 2016-09-02 22:29:15 UTC 
mod_auth_cas-1.1-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-658421e322
Comment 14 Fedora Update System 2016-09-02 22:29:23 UTC 
mod_auth_cas-1.1-3.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bdffaa7e00
Comment 15 Fedora Update System 2016-09-04 01:17:40 UTC 
mod_auth_cas-1.1-3.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bdffaa7e00
Comment 16 Fedora Update System 2016-09-04 01:17:49 UTC 
mod_auth_cas-1.1-3.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f10bc2847b
Comment 17 Fedora Update System 2016-09-04 01:19:27 UTC 
mod_auth_cas-1.1-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-658421e322
Comment 18 Fedora Update System 2016-09-04 01:21:32 UTC 
mod_auth_cas-1.1-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7d103f54e1
Comment 19 Fedora Update System 2016-09-04 01:23:52 UTC 
mod_auth_cas-1.1-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe566c7cc3
Comment 20 Fedora Update System 2016-09-23 16:26:04 UTC 
mod_auth_cas-1.1-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 21 Fedora Update System 2016-09-23 19:19:26 UTC 
mod_auth_cas-1.1-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 22 Fedora Update System 2016-09-23 19:49:40 UTC 
mod_auth_cas-1.1-3.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2016-09-23 23:21:36 UTC 
mod_auth_cas-1.1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.