Re: [xmlsec] Xmlsec not ok with AIX 5.2
Well, I try again other ways to compile and I think I found a way. Perhaps it could be useful to include it inside the doc or the configure. I figure one way I didn't check with your question... So Thanks a lot ! First I answear to your question : It is correct. I decided to compile myself OpenSSL and I did the self-test and all were ok for OpenSSL. Now for Xmlsec, the compile part is ok, but when I do make check, all tests are failed. In the log they all say the same thing : func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=130:obj=xmlsec_lt_dlopen:subj=unknown:erro r=7:io function failed:filename=libxmlsec1-openssl.so func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=453:obj=unknown:subj=xmlSecCryptoDLL ibraryCreate:error=1:xmlsec library function failed:crypto=openssl func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=404:obj=unknown:subj=xmlSecCryptoDLGetLibrar yFunctions:error=1:xmlsec library function failed: Error: unable to load xmlsec-openssl library. Make sure you have this it installed, check shared libraries path (LD_LIBRARY_PATH) envornment variable or use --crypto option to specify different crypto engine. Error: initialization failed Here is my env : (part of it) PATH=/opt/XML/bin:... LIBPATH=/opt/XML/lib:... LD_LIBRARY_PATH=/opt/XML/lib/... (even if not necessary on AIX) LDFLAGS='-L/opt/XML/lib ...' The only thing I found is that OpenSSL (0.9.8) is only compiled as static library, and OpenSSL(0.9.7) given by IBM (precompiled) is both shared and static version. Now my way to get it working : I compile OpenSSL 0.9.8 in the normal way (aix-gcc) not shared since it is not possible according to the documentation (AIX + GCC KO, but AIX + XLC (IBM compiler) OK). Then I compile xmlenc with the following options : ./configure --prefix=dest --with-libxml=... -with-libxslt=... --with-openssl=where_I_insta lled_my_openssl -- enable-crypto-dl=no --enable-apps-crypto-dl=no I was always using --enable-shared=no previously which brokes the compile step. Now, without specified --enabled-shared but only --enable-(apps)-crypto-dl=no, it compiles well and as far as I see right now, the beginning of the test (check) is ok except from merlin-xmldsig-twenty-three/signature-external-(b64)-dsa, merlin-xmldsig-twenty-three/signature-keyname, merlin-xmldsig-twenty-three/signature-*-x509-*,.merlin-xmldsig-twenty-three/signature and it continues. I send later on the final status. I will try to change of OpenSSL Library to see if it changes something in the check, as I know now how to compile it. So, compiling with gcc on AIX needs to disable crypto-dl to work and of course to add the libcrypto.a staticly to the program when we compile it with xmlenc. Hope this can help other users... Frederic - Original Message - From: Aleksey Sanin [EMAIL PROTECTED] To: ASSO [EMAIL PROTECTED] Cc: xmlsec@aleksey.com Sent: Friday, January 06, 2006 5:47 AM Subject: Re: [xmlsec] Xmlsec not ok with AIX 5.2 According to this log, ./configure script found OpenSSL 0.9.8 installed in /opt/XML includes /opt/XML/include library /opt/XML/lib/libcrypto.a Is this correct? What error do you get for this setup? Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Xmlsec not ok with AIX 5.2
To come back on it, the check just finished. Most of failed check now are due to the fact that our testing computer is not allowed to access to internet, so the uri calling method is not ok (x509 for example). The Enc test (last part) is using diff with an option -u (I didn't check the code to see what call is made exactly) but the log of the check says : diff: illegal option -- u then the Usage message which, of course, does not allow -u Perhaps it could be fixed or changed later on. Thank you for your time ! Frederic - Original Message - Now my way to get it working : I compile OpenSSL 0.9.8 in the normal way (aix-gcc) not shared since it is not possible according to the documentation (AIX + GCC KO, but AIX + XLC (IBM compiler) OK). Then I compile xmlenc with the following options : ./configure --prefix=dest --with-libxml=... -with-libxslt=... --with-openssl=where_I_insta lled_my_openssl -- enable-crypto-dl=no --enable-apps-crypto-dl=no it compiles well and as far as I see right now, the beginning of the test (check) is ok except from merlin-xmldsig-twenty-three/signature-external-(b64)-dsa, merlin-xmldsig-twenty-three/signature-keyname, merlin-xmldsig-twenty-three/signature-*-x509-*,.merlin-xmldsig-twenty-three/signature and it continues. I send later on the final status. I will try to change of OpenSSL Library to see if it changes something in the check, as I know now how to compile it. So, compiling with gcc on AIX needs to disable crypto-dl to work and of course to add the libcrypto.a staticly to the program when we compile it with xmlenc. Hope this can help other users... Frederic ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Xmlsec not ok with AIX 5.2
So, compiling with gcc on AIX needs to disable crypto-dl to work and of course to add the libcrypto.a staticly to the program when we compile it with xmlenc. Oh... Now I recall that AIX has some special loader domains for loading shared libs. I believe what happened in your case is that the xmlsec-openssl was compiled against the *new* OpenSSL 0.9.8 that you did build yourself but then it was trying to load the *old* OpenSSL 0.9.7 installed by the system. And this fails for obvious reasons. Take a look here: http://dcs.nac.uci.edu/~strombrg/AIX-shared-libs.html for solutions to this problems. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [Bulk] Re: [xmlsec] ErrorsCallback ???
Thanks for your patience, All I would like to do is trap the most informative message in whatever way works, I am not fussy. In this simple password example it would be The specified network password is not correct message. Neither of 1) setting ErrorsCallback or 2) using xmlGetLastError is working for me. This is true of both openssl and mscrypto. With the ErrorsCallback set, mscrypto returns nothing in the msg argument, and openssl returns the offending p12 file name. I think it makes sense to get back the more informative The specified network password is not correct message. The best would be to get at this most informative msg which always goes to stderr perfectly, but can't be trappped in any easy way programmatically. The xmlGetLastError seemed very attractive and it does work perfectly for all libxml2 calls and returns output which is identical to stderr. Hope this helps, Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: January 6, 2006 12:01 AM To: [EMAIL PROTECTED] Cc: xmlsec@aleksey.com Subject: [Bulk] Re: [xmlsec] ErrorsCallback ??? Ed, I think I found the reason for your confusion. In the first email in this thread you gave several example for MSCrypto error messages with and without errors callback set. I'll pick one of them and will explain the problem: mscrypto epmErrorCallback xmlsec error follows: file..\src\mscrypto\app.c line614 funcxmlSecMSCryptoAppPkcs12LoadMemory errorObject None errorSubjectPFXVerifyPassword reason 4 msg No ErrorsCallback set * func=xmlSecMSCryptoAppPkcs12LoadMemory:file=..\src\mscrypto\app.c:line=614:o bj=unknown:subj=PFXVerifyPassword:error=4:crypto library function failed: ;last error=86 (0x0056);last error msg=The specified network password is not correct. The 'msg' you see in the first case (with epmErrorsCallback) is provided by the xmlsec-mscrypto (or xmlsec-openssl) author. If you go to the corresponding file, you'll see that there is *no* message provided in this case thus you observe correct results. The messages you see in the second case (no custom ErrorsCallback) are created by xmlSecMSCryptoErrorsDefaultCallback() function which is *the* default errors callback when xmlsec-mscrypto is used (yes, it is a little bit confusing :( ). This function simply calls Windows GetLastError() and FormatMessage() to generate the last error=86 (0x0056);last error msg=The specified network password is not correct. message and append it to *all* error messages. I agree, this is confusing but the system does what it was written to do. May be a better approach would be to move this extra xmlSecMSCryptoErrorsDefaultCallback() functionality into the generic xmlSecErrorsDefaultCallback() and just ifdef it for Windows only. Then the output will be consistent between different crypto libraries. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [Bulk] Re: [Bulk] Re: [xmlsec] ErrorsCallback ???
Hi Aleksey, Yes that is correct. When I do not set the callback, I get verbose error messages on stderr. I never see the specific error msg=The specified network password is not correct coming to the callback. The callback when it does receive a msg is not as verbose as what goes to stderr. See output examples from my previous post. 6 out of the 7 arguments work perfectly all the time, it is just the last argument i.e. msg that is inconsistent. No ErrorsCallback set * func=xmlSecMSCryptoAppPkcs12LoadMemory:file=..\src\mscrypto\app.c:line=614:o bj=unknown:subj=PFXVerifyPassword:error=4:crypto library function failed: ;last error=86 (0x0056);last error msg=The specified network password is not correct. func=xmlSecMSCryptoAppPkcs12Load:file=..\src\mscrypto\app.c:line=522:obj=unk nown:subj=xmlSecMSCryptoAppPkcs12LoadMemory:error=1:xmlsec library function failed: ;last error=86 (0x0056);last error msg=The specified network password is not correct. func=xmlSecMSCryptoAppKeyLoad:file=..\src\mscrypto\app.c:line=128:obj=unknow n:subj=xmlSecMSCryptoAppPkcs12Load:error=1:xmlsec library function failed: ;last error=86 (0x0056);last error msg=The specified network password is not correct. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: January 5, 2006 11:43 PM To: [EMAIL PROTECTED] Cc: xmlsec@aleksey.com Subject: [Bulk] Re: [Bulk] Re: [xmlsec] ErrorsCallback ??? Do you see the error message on stderr? Aleksey Edward Shallow wrote: PostScript ... A call to the following works fine after any libxml2 function throwing an error. I tried it after a failed xmlsec function call and received nothing (i.e. Python None aka NULL) Ed ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [Bulk] Re: [xmlsec] ErrorsCallback ???
The xmlGetLastError seemed very attractive and it does work perfectly for all libxml2 calls and returns output which is identical to stderr. The message on std err from xmlsec is printed by LibXML2. I can not test it on Windows at the moment, but I can get back all this information using xmlGetLastError() on Linux. As I wrote you before, the extra information you see is provided from *system* GetLasstError() call. You can make same call from python inside your error callback. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
RE: [Bulk] Re: [Bulk] Re: [xmlsec] ErrorsCallback ???
Hi Aleksey, Thanks once again. The following worked when added to the ErrorsCallback (mscrypto only) ... errCode = win32api.GetLastError() errMsg = win32api.FormatMessage(errCode) Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edward Shallow Sent: January 6, 2006 12:07 PM To: xmlsec@aleksey.com Subject: RE: [Bulk] Re: [Bulk] Re: [xmlsec] ErrorsCallback ??? Oh I see. You mean the Windows Win32::GetLastError() call. I do not mind trying this as a work-around. I'll let you know. I think the ideal would be to normalize the error handling as you suggested. Thanks, Ed -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aleksey Sanin Sent: January 6, 2006 12:00 PM To: [EMAIL PROTECTED] Cc: xmlsec@aleksey.com Subject: [Bulk] Re: [Bulk] Re: [xmlsec] ErrorsCallback ??? The xmlGetLastError seemed very attractive and it does work perfectly for all libxml2 calls and returns output which is identical to stderr. The message on std err from xmlsec is printed by LibXML2. I can not test it on Windows at the moment, but I can get back all this information using xmlGetLastError() on Linux. As I wrote you before, the extra information you see is provided from *system* GetLasstError() call. You can make same call from python inside your error callback. Aleksey ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec ___ xmlsec mailing list xmlsec@aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec