This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 708550 - mod_auth_cas cannot be loaded after update to RHEL 6.1
mod_auth_cas cannot be loaded after update to RHEL 6.1
Status: ON_QA
Product: Fedora EPEL
Classification: Fedora
Component: mod_auth_cas (Show other bugs)
el6
x86_64 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Adam Miller
Fedora Extras Quality Assurance
:
: 731547 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-05-27 19:23 EDT by Jimmy Ngo
Modified: 2013-01-24 01:04 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
SRPM for version 1.0.9.1 (75.67 KB, audio/x-pn-realaudio-plugin)
2013-01-24 01:02 EST, Aaron Howell
no flags Details

  None (edit)
Description Jimmy Ngo 2011-05-27 19:23:20 EDT
Description of problem:
mod_auth_cas cannot be loaded by Apache after updating to RHEL 6.1. It was working fine on RHEL 6.0 before the update. I assume some shared library update caused this.

Version-Release number of selected component (if applicable):
mod_auth_cas.x86_64               1.0.8.1-2.el6

How reproducible:
Reproduced on a freshly installed RHEL 6.0 machine after updating to RHEL 6.1.

Steps to Reproduce:
1. Update to RHEL 6.1
2. Try to load mod_auth_cas into Apache
  
Actual results:
Cannot load /etc/httpd/modules/mod_auth_cas.so into server: /etc/httpd/modules/mod_auth_cas.so: undefined symbol: SSL_connect

Expected results:
mod_auth_cas should load in Apache as it did with RHEL 6.0.

Additional info:
ldd suggests that the only shared library is libc.so.6 although, it seems that SSL_connect is part of openssl. I've also tried installing the compatibility version (openssl098e) from the RHEL repo, but that did not fix the problem either.
Comment 1 Jimmy Ngo 2011-06-02 20:47:58 EDT
After further investigation, it appears that the recent update with openldap caused mod_auth_cas to not find the openldap libraries. mod_auth_cas.so should be linked to libssl to provide the SSL_connect symbol.

https://rhn.redhat.com/errata/RHBA-2011-0673.html
Comment 2 Jimmy Ngo 2011-06-02 21:00:46 EDT
Alternatively, the default conf file should have an IfModule directive to load mod_ssl before trying to load mod_auth_cas

--- auth_cas.conf.old   2011-06-02 17:59:51.000000000 -0700
+++ auth_cas.conf       2011-06-02 17:58:53.000000000 -0700
@@ -2,5 +2,8 @@
 # mod_auth_cas is an Apache 2.0/2.2 compliant module that supports the
 # CASv1 and CASv2 protocols
 #
+<IfModule !mod_ssl.c>
+LoadModule ssl_module modules/mod_ssl.so
+</IfModule>
 
 LoadModule auth_cas_module modules/mod_auth_cas.so
Comment 3 Eric Eisenhart 2011-08-17 16:49:37 EDT
*** Bug 731547 has been marked as a duplicate of this bug. ***
Comment 4 Trey Dockendorf 2011-10-18 12:59:41 EDT
Added the mod_ssl IfModule directive to auth_cas.conf fixed this problem for me.
Comment 5 Fedora Update System 2011-10-18 13:47:20 EDT
mod_auth_cas-1.0.8.1-3.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/mod_auth_cas-1.0.8.1-3.el6
Comment 6 Fedora Update System 2011-10-24 11:37:34 EDT
Package mod_auth_cas-1.0.8.1-3.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing mod_auth_cas-1.0.8.1-3.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4731
then log in and leave karma (feedback).
Comment 7 Viorel Tabara 2011-11-03 18:28:54 EDT
The fix requires mod_ssl but the RPM package does not require it?

   $ rpm -qpRi mod_auth_cas-1.0.8.1-3.el6.i686.rpm
   config(mod_auth_cas) = 1.0.8.1-3.el6
   httpd  
   libc.so.6  
   libc.so.6(GLIBC_2.0)  
   libc.so.6(GLIBC_2.1.3)  
   libc.so.6(GLIBC_2.3.4)  
   libc.so.6(GLIBC_2.4)  
   rpmlib(CompressedFileNames) <= 3.0.4-1
   rpmlib(FileDigests) <= 4.6.0-1
   rpmlib(PayloadFilesHavePrefix) <= 4.0-1
   rtld(GNU_HASH)  
   rpmlib(PayloadIsXz) <= 5.2-1
   Name        : mod_auth_cas                 Relocations: (not relocatable)
   Version     : 1.0.8.1                           Vendor: Fedora Project
   Release     : 3.el6                         Build Date: Tue 18 Oct 2011 11:42:09 AM MDT
   Install Date: (not installed)               Build Host: x86-17.phx2.fedoraproject.org
   Group       : System Environment/Daemons    Source RPM: mod_auth_cas-1.0.8.1-3.el6.src.rpm
   Size        : 55906                            License: GPLv3+ with exceptions
   Signature   : (none)
   Packager    : Fedora Project
   URL         : http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas
   Summary     : Apache 2.0/2.2 compliant module that supports the CASv1 and CASv2 protocols
   Description :
   mod_auth_cas is an Apache 2.0/2.2 compliant module that supports the CASv1
   and CASv2 protocols
Comment 8 Trey Dockendorf 2011-11-03 19:12:10 EDT
That fixes this but I get this warning when restarting apache
-------------

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu Nov 03 18:09:24 2011] [warn] module ssl_module is already loaded, skipping
                                                           [  OK  ]


To solve I added this to my ssl.conf
-------------
<IfModule !mod_ssl.c>
        LoadModule ssl_module modules/mod_ssl.so
</IfModule>

I also noticed the same thing, that mod_auth_cas does not automatically require mod_ssl in yum.
Comment 9 Aaron Howell 2013-01-24 01:02:39 EST
Created attachment 686472 [details]
SRPM for version 1.0.9.1

I have created a RPM for ourselves based off of 1.0.8.1 SRPM - I've updated to the lastest release (1.0.9.1) available from github and patched in a further fix for a build issue. It appears the "SSL_connect" issue has been resolved in this version for 6.1

Note You need to log in before you can comment on or make changes to this bug.