From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3.1) Gecko/20030425 Description of problem: I'm trying to compile OpenWBEM (http://www.openwbem.org). It includes some openssl headers, which in turn try to include krb5.h which isn't in the standard include dirs. Here's the compile error: In file included from /usr/include/openssl/ssl.h:179, from OW_SSLCtxMgr.hpp:37, from OW_SSLSocketImpl.hpp:42, from OW_SSLSocketImpl.cpp:38: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory The krb5.h header is in /usr/kerberos/include/ This is just wrong, since the openssl headers include them, the kerberos headers should be someplace where they can be found by the compiler without having to add -I/usr/kerberos/include to the build. OpenWBEM doesn't even know or care about kerberos, and so it should not be necessary to modify the build to have to include the kerberos header files. Version-Release number of selected component (if applicable): krb5-devel-1.2.7-19 How reproducible: Always Steps to Reproduce: 1. Compile something that includes <openssl/ssl.h> 2. 3. Additional info:
Try doing configure like this: CPPFLAGS=-I/usr/kerberos/include ./configure or where ever your kerberos header files are.
Have an installation of RedHat Enterprise 3 AS with the out-of-the-box OpenSSL libraries v.0.9.7a I try to compile ProFTPD with TLS (http://www.proftpd.org/) and it fails because it cannot find the krb5.h file referenced by kssl.h in /usr/include/openssl Checking the /usr/include/openssl folder, I can only find a krb5_asn.h file. Any attempts of symoblic linking, renaming, ... doesn't work. Following the advice in other bug reports and Steve's comment, I included /usr/kerberos/include and /usr/include/openssl as compiler flags. Didn't help either.
Just found a solution: cp /usr/kerberos/include/* /usr/include/openssl with the standard, latest Kerberos and OpenSSL RPMs before compiling fixes the problem. Maybe there could be a more permanent fix in a future RPM release, no?
I'm seeing the same problem trying to compile apache1.3.29 with mod_ssl 2.8.16 on Red Hat Enterprise Linux ES release 3 (Taroon Update 1) The solution above didn't help, this is the error I'm seeing : ===> src/modules/ssl gcc -c -I../../os/unix -I../../include -DLINUX=22 -DMOD_SSL=208116 -DUSE_HSREGEX -DEAPI -DNO_DL_NEEDED `../../apaci` -DSSL_COMPAT -DSSL_USE_SDBM -DSSL_ENGINE -DMOD_SSL_VERSION=\"2.8.16\" mod_ssl.c In file included from /usr/include/openssl/ssl.h:179, from mod_ssl.h:116, from mod_ssl.c:65: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory In file included from /usr/include/openssl/ssl.h:179, from mod_ssl.h:116, from mod_ssl.c:65: /usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype" /usr/include/openssl/kssl.h:136: syntax error before '*' token the funny thing is why is it even looking for kerberos? changing the ssl.h include file to explicitly define OPENSSL_NO_KRB5 and wrapping the #include <openssl/kssl.h> worked at compile time, but I don't think that's a viable long-term approach. and a heap more syntax error messages before it bails out. I did this : cp -R /usr/kerberos/include/* /usr/include/openssl/. and am compiling as root to avoid any possible permission problems (this is a test box :) )
I had the same problem trying to install Pine 4.58, which uses OpenSSL. I didn't want to just include the directoy, I was hoping to make the fix a little more universal so that I wouldn't run into the problem again. So I messed around with the header files, which probably isn't the best solution, but whatever. Hopefully there will be a bug fix for this. Anyway, here how I fixed the problem (as root): cd /usr/include ln -s /usr/kerberos/include kerberos File edits: in /usr/include/openssl/kssl.h /usr/kerberos/include/gssapi/gssapi_krb5.h #include <krb5.h> --> #include <kerberos/krb5.h> in /usr/kerberos/include/krb5.h #include <profile.h> --> #include <kerberos/profile.h> in /usr/kerberos/include/krb5.h /usr/kerberos/include/profile.h /usr/kerberos/include/kerberosIV/krb_err.h #include <com_err.h> --> #include <kerberos/com_err.h> The problem seems to be with the Kerberos include files, in general. It doesn't seem right to me that they'd try to bracket-include files like "profile.h", which is clearly a kerberos header file and not a top-level system header file. "com_err.h" is similary problematic; I found a different "com_err.h" file in /usr/include/et (on Redhat Enterprise Linux ES 3) which is very different, but again it seems pretty clear that these references are to the "com_err.h" file in the kerberos tree. Anyway, like I said this might not be the best solution, but it seems to be a fairly robust one (and not too dangerous).
I got the same error when trying to compile pyOpenSSL 0.5.1 on RedHat 9. # python setup.py install /usr/local/lib/python2.3/distutils/dist.py:213: UserWarning: 'licence' distribution option is deprecated; use 'license' warnings.warn(msg) running install running build running build_py running build_ext building 'OpenSSL.crypto' extension gcc -pthread -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -I/usr/local/include/python2.3 -c src/crypto/pkcs7.c -o build/temp.linux-i686-2.3/src/crypto/pkcs7.o In file included from /usr/include/openssl/ssl.h:179, from src/crypto/x509.h:17, from src/crypto/crypto.h:17, from src/crypto/pkcs7.c:12: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory In file included from /usr/include/openssl/ssl.h:179, from src/crypto/x509.h:17, from src/crypto/crypto.h:17, from src/crypto/pkcs7.c:12: /usr/include/openssl/kssl.h:134: parse error before "krb5_enctype" /usr/include/openssl/kssl.h:136: parse error before '*' token /usr/include/openssl/kssl.h:137: parse error before '}' token /usr/include/openssl/kssl.h:149: parse error before "kssl_ctx_setstring" /usr/include/openssl/kssl.h:149: parse error before '*' token /usr/include/openssl/kssl.h:150: parse error before '*' token /usr/include/openssl/kssl.h:151: parse error before '*' token /usr/include/openssl/kssl.h:151: parse error before '*' token /usr/include/openssl/kssl.h:152: parse error before '*' token /usr/include/openssl/kssl.h:153: parse error before "kssl_ctx_setprinc" /usr/include/openssl/kssl.h:153: parse error before '*' token /usr/include/openssl/kssl.h:155: parse error before "kssl_cget_tkt" /usr/include/openssl/kssl.h:155: parse error before '*' token /usr/include/openssl/kssl.h:157: parse error before "kssl_sget_tkt" /usr/include/openssl/kssl.h:157: parse error before '*' token /usr/include/openssl/kssl.h:159: parse error before "kssl_ctx_setkey" /usr/include/openssl/kssl.h:159: parse error before '*' token /usr/include/openssl/kssl.h:161: parse error before "context" /usr/include/openssl/kssl.h:162: parse error before "kssl_build_principal_2" /usr/include/openssl/kssl.h:162: parse error before "context" /usr/include/openssl/kssl.h:165: parse error before "kssl_validate_times" /usr/include/openssl/kssl.h:165: parse error before "atime" /usr/include/openssl/kssl.h:167: parse error before "kssl_check_authent" /usr/include/openssl/kssl.h:167: parse error before '*' token /usr/include/openssl/kssl.h:169: parse error before "enctype" In file included from src/crypto/x509.h:17, from src/crypto/crypto.h:17, from src/crypto/pkcs7.c:12: /usr/include/openssl/ssl.h:909: parse error before "KSSL_CTX" /usr/include/openssl/ssl.h:931: parse error before '}' token src/crypto/pkcs7.c:14: warning: `CVSid' defined but not used error: command 'gcc' failed with exit status 1 #
I got past the problem with pyOpenSSL by adding the following to setup.py: IncludeDirs = ['/usr/kerberos/include']
FIX: When running make: ------------------------------------- make CPPFLAGS=-I/usr/kerberos/include -------------------------------------
I'm also running into the apache 1.3.29 issue on RHEL 3.0. It really sucks, because i've tried the cp -R /usr/kerberos/include/* /usr/openssl/include but I still get the same errors... I actually was successful in making when I did the CPPFLAGS=-I/usr/kerberos/include ./configure solution, but then our .htaccess files didn't work over httpsd, although .htaccess works perfect using httpd. I'm not sure exactly what's breaking it. In any case, here's the message I get: apache_1.3.29]# make ===> src make[1]: Entering directory `/usr/xxx/apache_1.3.29' make[2]: Entering directory `/usr/xxx/apache_1.3.29/src' ===> src/os/unix gcc -c -I../../os/unix -I../../include -I/usr/local/ssl/include -DLINUX=22 -DTARGET=\"httpsd\" -I/usr/include/gdbm -DNO_DL_NEEDED -DAPACHE_SSL `../../apaci` os.c gcc -c -I../../os/unix -I../../include -I/usr/local/ssl/include -DLINUX=22 -DTARGET=\"httpsd\" -I/usr/include/gdbm -DNO_DL_NEEDED -DAPACHE_SSL `../../apaci` os-inline.c rm -f libos.a ar cr libos.a os.o os-inline.o ranlib libos.a <=== src/os/unix ===> src/ap gcc -c -I../os/unix -I../include -I/usr/local/ssl/include -DLINUX=22 -DTARGET=\"httpsd\" -I/usr/include/gdbm -DNO_DL_NEEDED -DAPACHE_SSL `../apaci` ap_cpystrn.c In file included from /usr/include/openssl/ssl.h:179, from ../include/buff.h:75, from ../include/httpd.h:79, from ap_cpystrn.c:59: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory In file included from /usr/include/openssl/ssl.h:179, from ../include/buff.h:75, from ../include/httpd.h:79, from ap_cpystrn.c:59: I wouldn't mind using the CPPFLAGS solution, but, It doesn't seem to work correctly either (it compiles, but still doesn't work right.) and I shouldn't have to. This is a very basic compilation of a very basic software, and it works on every other OS that i've tried out of the box, I expected that RHEL would be no exception to that, and that it would actually be better than the rest if anything. Kinda disappointed in that.. (everything else is great about it, though, I'm not pissed or anything.) Hopefully there will be a permanant solution in the near future. Until then I'm forced to run an older version of apache that I somehow got to work. Compiling 1.3.28 on another server and bringing the binary over works ok, so that's what I'm doing for now.. compiling 1.3.29 on another server and bringing it over does not work, it breaks .htaccess.
This bug is a duplicate of <strike><a href="show_bug.cgi?id=82369" title="CLOSED WONTFIX - ssl.h includes kssl.h which includes (not in /usr/include) krb5.h">82369</a></strike>, which has been marked as WONTFIX. I'm not sure why it hasn't been marked yet. (It's marked as a dependency instead, but that's not really accurate).
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.