Bug 135961 - libcrypto.so unnecessarily links to krb5 libs
libcrypto.so unnecessarily links to krb5 libs
Product: Fedora
Classification: Fedora
Component: openssl (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
: EasyFix, Patch
Depends On:
  Show dependency treegraph
Reported: 2004-10-15 17:59 EDT by Alexander Boström
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version: openssl-0.9.7e-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-03-01 20:17:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Fixed replacement for openssl-0.9.7a-krb5.patch (539 bytes, patch)
2004-11-05 17:56 EST, Alexander Boström
no flags Details | Diff

  None (edit)
Description Alexander Boström 2004-10-15 17:59:30 EDT
Description of problem:

/lib/libcrypto.so.0.9.7a links to libkrb5 and libgssapi_krb5. I think
this might be unnecessary and believe that it could cause problem if
libcrypto is used by another Kerberos implementation such as Heimdal.

Version-Release number of selected component (if applicable):


Expected results:

libcrypto.so in upstream openssl-0.9.7 also linked to the krb5 libs,
but in 0.9.7a and onward only libssl.so do so. I suppose it would be
alright for the FC openssl to do the same.

Additional info:

It looks like "${SHLIBDIRS%%*ssl*}" in openssl-0.9.7a-krb5.patch
always evaulates to the empty string. If I comment out that patch in
the spec file and rebuild, ldd output for libcrypto and libssl are the
same as with a manually built openssl without any patches.

The corresponding OpenSSL Request Tracker issue:
http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=418 (login as
Comment 1 Alexander Boström 2004-10-15 18:50:50 EDT
> "${SHLIBDIRS%%*ssl*}" [...] always evaulates to the empty string

...because it's evaluated in make, not in the shell.
Comment 2 Alexander Boström 2004-11-05 17:55:20 EST
But using proper escaping in the patch (an extra $ before
${SHLIBDIRS%%*ssl*}) doesn't fix the problem, because SHLIBDIRS is
"crypto ssl" the third time the patched code is run, and that seems to
be the time that matters.

So I propose the following patch, to replace openssl-0.9.7a-krb5.patch.
Comment 3 Alexander Boström 2004-11-05 17:56:44 EST
Created attachment 106242 [details]
Fixed replacement for openssl-0.9.7a-krb5.patch
Comment 4 Tomas Mraz 2005-03-01 20:17:08 EST
Slightly modified patch applied to rawhide.

Note You need to log in before you can comment on or make changes to this bug.