Description of problem: /lib/libcrypto.so.0.9.7a links to libkrb5 and libgssapi_krb5. I think this might be unnecessary and believe that it could cause problem if libcrypto is used by another Kerberos implementation such as Heimdal. Version-Release number of selected component (if applicable): openssl-0.9.7a-40 Expected results: libcrypto.so in upstream openssl-0.9.7 also linked to the krb5 libs, but in 0.9.7a and onward only libssl.so do so. I suppose it would be alright for the FC openssl to do the same. Additional info: It looks like "${SHLIBDIRS%%*ssl*}" in openssl-0.9.7a-krb5.patch always evaulates to the empty string. If I comment out that patch in the spec file and rebuild, ldd output for libcrypto and libssl are the same as with a manually built openssl without any patches. The corresponding OpenSSL Request Tracker issue: http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=418 (login as guest/guest)
> "${SHLIBDIRS%%*ssl*}" [...] always evaulates to the empty string ...because it's evaluated in make, not in the shell.
But using proper escaping in the patch (an extra $ before ${SHLIBDIRS%%*ssl*}) doesn't fix the problem, because SHLIBDIRS is "crypto ssl" the third time the patched code is run, and that seems to be the time that matters. So I propose the following patch, to replace openssl-0.9.7a-krb5.patch.
Created attachment 106242 [details] Fixed replacement for openssl-0.9.7a-krb5.patch
Slightly modified patch applied to rawhide.