Red Hat Bugzilla – Bug 708550
mod_auth_cas cannot be loaded after update to RHEL 6.1
Last modified: 2013-01-24 01:04:50 EST
Description of problem:
mod_auth_cas cannot be loaded by Apache after updating to RHEL 6.1. It was working fine on RHEL 6.0 before the update. I assume some shared library update caused this.
Version-Release number of selected component (if applicable):
Reproduced on a freshly installed RHEL 6.0 machine after updating to RHEL 6.1.
Steps to Reproduce:
1. Update to RHEL 6.1
2. Try to load mod_auth_cas into Apache
Cannot load /etc/httpd/modules/mod_auth_cas.so into server: /etc/httpd/modules/mod_auth_cas.so: undefined symbol: SSL_connect
mod_auth_cas should load in Apache as it did with RHEL 6.0.
ldd suggests that the only shared library is libc.so.6 although, it seems that SSL_connect is part of openssl. I've also tried installing the compatibility version (openssl098e) from the RHEL repo, but that did not fix the problem either.
After further investigation, it appears that the recent update with openldap caused mod_auth_cas to not find the openldap libraries. mod_auth_cas.so should be linked to libssl to provide the SSL_connect symbol.
Alternatively, the default conf file should have an IfModule directive to load mod_ssl before trying to load mod_auth_cas
--- auth_cas.conf.old 2011-06-02 17:59:51.000000000 -0700
+++ auth_cas.conf 2011-06-02 17:58:53.000000000 -0700
@@ -2,5 +2,8 @@
# mod_auth_cas is an Apache 2.0/2.2 compliant module that supports the
# CASv1 and CASv2 protocols
+LoadModule ssl_module modules/mod_ssl.so
LoadModule auth_cas_module modules/mod_auth_cas.so
*** Bug 731547 has been marked as a duplicate of this bug. ***
Added the mod_ssl IfModule directive to auth_cas.conf fixed this problem for me.
mod_auth_cas-126.96.36.199-3.el6 has been submitted as an update for Fedora EPEL 6.
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing mod_auth_cas-188.8.131.52-3.el6'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
The fix requires mod_ssl but the RPM package does not require it?
$ rpm -qpRi mod_auth_cas-184.108.40.206-3.el6.i686.rpm
config(mod_auth_cas) = 220.127.116.11-3.el6
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsXz) <= 5.2-1
Name : mod_auth_cas Relocations: (not relocatable)
Version : 18.104.22.168 Vendor: Fedora Project
Release : 3.el6 Build Date: Tue 18 Oct 2011 11:42:09 AM MDT
Install Date: (not installed) Build Host: x86-17.phx2.fedoraproject.org
Group : System Environment/Daemons Source RPM: mod_auth_cas-22.214.171.124-3.el6.src.rpm
Size : 55906 License: GPLv3+ with exceptions
Signature : (none)
Packager : Fedora Project
URL : http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas
Summary : Apache 2.0/2.2 compliant module that supports the CASv1 and CASv2 protocols
mod_auth_cas is an Apache 2.0/2.2 compliant module that supports the CASv1
and CASv2 protocols
That fixes this but I get this warning when restarting apache
# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [Thu Nov 03 18:09:24 2011] [warn] module ssl_module is already loaded, skipping
[ OK ]
To solve I added this to my ssl.conf
LoadModule ssl_module modules/mod_ssl.so
I also noticed the same thing, that mod_auth_cas does not automatically require mod_ssl in yum.
Created attachment 686472 [details]
SRPM for version 126.96.36.199
I have created a RPM for ourselves based off of 188.8.131.52 SRPM - I've updated to the lastest release (184.108.40.206) available from github and patched in a further fix for a build issue. It appears the "SSL_connect" issue has been resolved in this version for 6.1