Filip writes:
Hi list, I'm trying to compile the newest sendmail tarball.
I start the configure script as shown:
./configure --with-ssl=/usr/local/ssl/include/openssl
The configure script is exiting with the following error:
makedepend: warning: socket.c, line 504: cannot find include file "openssl/ssl.h"
[...]
Any suggestions?
Yes, I submitted a patch to fix this and a couple of other
annoyances with ssl support. See the first patch below . . .
David
8<----------8<----------8<----------8<----------8<----------8<----------8<----
To: fetchmail-friends(_at_)ccil(_dot_)org
From: levinedl(_at_)acm(_dot_)org
Date: Sat, 06 Sep 2003 10:53:46 -0500
Subject: [fetchmail] fixes for SSL support
Hi,
fetchmail version: 6.2.4
OS: SunOS 5.8
compiler: gcc 3.3
configure options: --disable-nls --prefix=/opt/local \
--with-ssl=/opt/local/ssl CPFLAGS=-m32 LDFLAGS=-m32
Three problems/warnings, the first two of which are related to
enabling SSL:
1) configure adds -I$with_ssl/include/openssl, but #includes are
of this form: #include "openssl/ssl.h". There should only
be one appearance of openssl, preferably in the #include. Patch
for configure appears below, it removes the trailing /openssl from
the -I.
2) The second issue is a runtime failure with ssl enabled on platforms
that do not have a built-in random number generator:
19770:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:503:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html
fetchmail: SSL connection failed.
fetchmail: Query status=3 (AUTHFAIL)
As noted in that FAQ, patches are available for SunOS 5.8 to add
the random devices. However, the FAQ also notes that applications
should call RAND_add () or RAND_seed () on systems that don't have
such devices. I did that in socket.c and it works, though it's not
pretty. See patch below.
3) The third issue is a warning from socket.c:
socket.c: In function `SSL_verify_callback':
socket.c:832: warning: assignment discards qualifiers from pointer target type
This is easily fixed by declaring digest_tp to be const EVP_MD *
instead of nonconst; the only uses of it allow const so this is
harmless. It appears in the socket.c patch below.
Thanks,
David
8<----------8<----------8<----------8<----------8<----------8<----------8<----
--- configure Sat Sep 6 11:18:42 2003
+++ configure.orig Thu Jul 17 15:14:21 2003
@@ -13628,7 +13628,7 @@
### In Red Hat 9, this file includes a reference to <krb5.h>, so we
### force the Kerberos direcory onto the include path so it will build.
echo "Enabling OpenSSL support in $with_ssl"
- CEFLAGS="$CEFLAGS -I$with_ssl/include -I/usr/kerberos/include"
+ CEFLAGS="$CEFLAGS -I$with_ssl/include/openssl -I/usr/kerberos/include"
### OpenBSD comes with ssl headers
elif test -r /usr/include/ssl/ssl.h
then
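Review bot: The diff runs in the wrong direction: the header names configure as the old file and configure.orig as the new one, so the + line of this hunk carries the original -I$with_ssl/include/openssl and the - line carries the intended -I$with_ssl/include. As posted it applies to a pristine tree only in reverse; regenerate it as diff -u configure.orig configure (the socket.c patch below has the same problem). If configure is generated from an autoconf input, the same one-line change also belongs there, or it will be lost the next time the script is regenerated.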
8<----------8<----------8<----------8<----------8<----------8<----------8<----
--- socket.c Sat Sep 6 11:30:25 2003
+++ socket.c.orig Wed Aug 6 00:28:57 2003
@@ -40,11 +40,6 @@
#include "fetchmail.h"
#include "i18n.h"
-#ifdef SSL_ENABLE
-#include <sys/stat.h>
-#include <sys/time.h>
-#endif /* SSL_ENABLE */
-
/* Defines to allow BeOS and Cygwin to play nice... */
#ifdef __BEOS__
static char peeked;
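Review bot: The SSL_ENABLE include block at the top of socket.c (on the - side here, since the diff is reversed) covers stat() and gettimeofday(), but nothing in the visible lines brings in a declaration for RAND_status() and RAND_add(), which the last hunk calls. Check that <openssl/rand.h> is already included under SSL_ENABLE, and add it beside these two headers if it is not.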
@@ -763,7 +758,7 @@
int err, depth;
unsigned char digest[EVP_MAX_MD_SIZE];
char text[EVP_MAX_MD_SIZE * 3 + 1], *tp, *te;
- const EVP_MD *digest_tp;
+ EVP_MD *digest_tp;
unsigned int dsz, i, esz;
X509_NAME *subj, *issuer;
@@ -906,29 +901,9 @@
char *fingerprint, char *servercname, char *label)
{
SSL *ssl;
- struct stat randstat;
- int i;
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
-
-#ifdef SSL_ENABLE
- if (stat("/dev/random", &randstat) &&
- stat("/dev/urandom", &randstat)) {
- /* Neither /dev/random nor /dev/urandom are present, so add
- entropy to the SSL PRNG a hard way. */
- for (i = 0; i < 10000 && ! RAND_status (); ++i) {
- char buf[4];
- struct timeval tv;
- gettimeofday (&tv, 0);
- buf[0] = tv.tv_usec & 0xF;
- buf[2] = (tv.tv_usec & 0xF0) >> 4;
- buf[3] = (tv.tv_usec & 0xF00) >> 8;
- buf[1] = (tv.tv_usec & 0xF000) >> 12;
- RAND_add (buf, sizeof buf, 0.1);
- }
- }
-#endif /* SSL_ENABLE */
if( sock < 0 || sock > FD_SETSIZE ) {
report(stderr, GT_("File descriptor out of range for SSL") );
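Review bot: The fallback seed in the RAND_add() loop is drawn only from tv_usec, and each of the four bytes in buf holds a single nibble, so one call feeds at most 16 bits of the timestamp (bits 16 to 19 are dropped), while values sampled back to back in the loop are closely correlated with each other. Crediting 0.1 per call until RAND_status() passes makes OpenSSL report a seeded PRNG on the strength of data that anyone who knows roughly when fetchmail connected can narrow down, and the keys of every SSL session then rest on it. Prefer failing the SSL connection with a clear message, or seeding from a real source such as an EGD/PRNGD socket or a protected seed file, over manufacturing entropy from the clock. Smaller points: the inner #ifdef SSL_ENABLE guards the loop but not the randstat and i declarations above it, and the stat() test only establishes that the device nodes exist, not that they can be read.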
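The include-path mismatch described in item 1, as an added example that is not part of the original post or of fetchmail's configure: a shell helper that derives the -I flag for a --with-ssl value and checks that openssl/ssl.h resolves under it. The helper names, and the tolerance for a value that already ends in /include/openssl, are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; resolve_ssl_include and resolves_with_old_flag are
# hypothetical helpers, not functions from fetchmail's configure.

# Print the -I flag under which `#include "openssl/ssl.h"` resolves,
# or fail. $1 is the value passed to --with-ssl.
resolve_ssl_include() {
    root=${1%/}
    # Tolerate a value that points at the header directory itself
    # (assumption: configure does no such normalisation).
    case $root in
        */include/openssl) root=${root%/include/openssl} ;;
        */include)         root=${root%/include} ;;
    esac
    # The source names "openssl/ssl.h", so the directory on the include
    # path must be the parent of openssl/, not openssl/ itself.
    if [ -r "$root/include/openssl/ssl.h" ]; then
        printf '%s\n' "-I$root/include"
    else
        echo "openssl/ssl.h not found under $root/include" >&2
        return 1
    fi
}

# Where the header would have to live for -I$with_ssl/include/openssl
# (the flag before the fix) to find it.
resolves_with_old_flag() {
    [ -r "${1%/}/include/openssl/openssl/ssl.h" ]
}

# Constructed directory tree standing in for an OpenSSL install.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/ssl/include/openssl"
    : > "$tmp/ssl/include/openssl/ssl.h"
    resolve_ssl_include "$tmp/ssl"
    resolve_ssl_include "$tmp/ssl/include/openssl"
    resolves_with_old_flag "$tmp/ssl" || echo "old flag: header not found"
    rm -rf "$tmp"
}
demo
```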