Jeff Fulmer wrote:

Hi,

I'm the author of siege, an open source http regression tester. I
recently started to recieve complaints from users on Red Hat 9.0 systems. Apparently openssl is built with kerberos support on red hat 9.0 and it requires krb5.h which is in /usr/kerberos/include
How can I detect if openssl was built with kerberos support?


I don't know how to detect if openssl was built with kerberos support, but I had to define OPENSSL_NO_KRB5 (-DOPENSSL_NO_KRB5) to build my own openssl using app on RedHat 9. I thought it was the other way around - that there were unresolved kerberos related symbols - but I may be mistaken. Since I don't use Kerberos and don't really care if support is there or not, that compile define seems to work fine. It works fine on RedHat 7.X, 8 and 9, though I'm not sure it does anything at all on the most up to date errata versions distributed with 7 or 8.


Second Red Hat 9.0 users are experiencing crashes when siege is using https protocol, ie, openssl libs. Several people have experienced
this problem but were unable to replicate it on another system. Is there
a known issue with openssl on Red Hat 9.0? I have not yet recieved a
meaningful stacktrace.


I had problems on RedHat 9 sharing a SSL_CTX between threads. I was establishing multiple simultaneous/overlapping connections to a closed source product on a remote machine - which was also RedHat 9. It turns out the remote machine was also having problems when my client was sharing contexts and I was never really able to track down what was going on - however creating a new context for each connection worked flawlessly, so that's what it's doing at the moment.
Some time later the company that made the product instructed us to add LD_ASSUME_KERNEL=2.4.1 to the environment prior to startup as it apparently forces use of the "old" threading model. I can't really say wether this resolved the original problems or not since it was done after we had moved to production and we're not going to rollback the functional workaround to find out :) That's probably worth trying though, and I'd be interested in hearing if it helps or not.



Andrew


Cheers,
Jeff



______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]

Reply via email to