This is exactly why there is this check in the configure.in :) The question is why it didn't work in this case
Aleksey On 3/5/14, 2:15 PM, Dmitry Belyavsky wrote: > Hello! > > Some time ago Redhat-based Linuxes did not support EC cryptography > because of patent restrictions. > > > On Wed, Mar 5, 2014 at 9:18 PM, Aleksey Sanin <[email protected] > <mailto:[email protected]>> wrote: > > File a bug with redhat? Compile OpenSSL manually? xmlsec has a check > if ecdsa is present: > > AC_EGREP_CPP(yes,[ > #include <openssl/opensslconf.h> > #ifdef OPENSSL_NO_ECDSA > yes > #endif > ],[ > OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_NO_ECDSA=1" > ]) > CPPFLAGS=$OLD_CPPFLAGS > > Not sure why it doesn't work on redhat > > Aleksey > > On 3/5/14, 9:12 AM, Derek Nutile wrote: > > Thanks Aleksey, > > > > The openssl-devel package was missing. I installed it and ./configure > > now finds OpenSSL, which is progress. However, it appears > RedHat/Centos > > based distribution's do not include the ec or ecdsa.h header files. > > > > Error during make: > > In file included from app.c:31:0: > > ../../include/xmlsec/openssl/crypto.h:204:27: fatal error: > > openssl/ecdsa.h: No such file or directory > > compilation terminated. > > > > It appears these files have been dropped from these distribution's due > > to legal worries. > > > > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=319901 > > Reference: https://bitcointalk.org/index.php?topic=9476.0 > > > > Any suggestions? > > > > Thank you again, > > Derek > > > > > > > > On Wed, Mar 5, 2014 at 8:44 AM, Aleksey Sanin <[email protected] > <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > I don't know, but I would check if you have openssl-devel package > > installed > > > > Aleksey > > > > On 3/5/14, 6:29 AM, Derek Nutile wrote: > > > Aleksey, > > > > > > In my last message, I asked if there was a compatibility > issue with > > > OpenSSL 1.x, but I just installed XMLSec on an Ubuntu system > with > > > OpenSSL 1.0.1 just fine. So I tried to compile XMLSec on a > Centos > > > machine with openssl 1.x and that also fails. To me, the common > > > denominator is the distribution. > > > > > > How can I get XMLSec to compile with OpenSSL on a non-Debian > linux? > > > What am I missing? > > > > > > > > > On Wed, Mar 5, 2014 at 4:50 AM, Derek Nutile > > <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>>> wrote: > > > > > > Aleksey, > > > > > > I cannot get the compiler to locate openssl. > > > > > > Running ./configure with no options has this in the logs: > > > checking for OPENSSL... no > > > > > > Running ./configure --with-openssl=/usr/bin/openssl logs > this: > > > checking for openssl libraries >= 0.9.6... no > > > > > > Is it possible that xmlsec doesn't work with OpenSSL > 1.0.1e? Do I > > > have any other options? > > > > > > Thank you, > > > Derek > > > > > > > > > > > > On Tue, Mar 4, 2014 at 10:40 AM, Aleksey Sanin > > <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > > <mailto:[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>>> wrote: > > > > > > Yes, you might need to re-compile xmlsec. xmlsec-openssl > > is the > > > default > > > crypto engine thus ./configure probably just didn't find > > openssl for > > > whatever reason. Run ./configure and look at the output > > and logs to > > > figure out what is happening. > > > > > > Aleksey > > > > > > On 3/4/14, 10:09 AM, Derek Nutile wrote: > > > > Thank you for your response Aleksey. > > > > > > > > How do I use OpenSSL instead of GCrypt? Do I > recompile > > the xmlsec > > > > source? I looked at the ./configure --help output > and it's > > > not clear to > > > > me how to. Should I add ' --with-openssl=path'? > Should I > > > also use ' > > > > --without-gcrypt'? > > > > > > > > > > > > On Tue, Mar 4, 2014 at 6:09 AM, Aleksey Sanin > > > <[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> > > > > <mailto:[email protected] > <mailto:[email protected]> <mailto:[email protected] > <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>>>> wrote: > > > > > > > > Sounds like you are using GCrypt and it > doesn't support > > > PEM key format. > > > > Try to use OpenSSL instead. > > > > > > > > Aleksey > > > > > > > > On 3/1/14, 1:43 PM, Derek Nutile wrote: > > > > > Hello Aleksey, > > > > > > > > > > Hopefully you can help me. I'm implementing > > Django SAML > > > > > (https://bitbucket.org/lgs/djangosaml2) in a > project > > > which relies on > > > > > your XMLSec library. The application works > flawlessly > > > on my local > > > > > development environment (Mac), but returns > errors > > on my > > > staging > > > > server, > > > > > an Amazon EC2 instance. I'm struggling to > isolate the > > > issue. The > > > > > exception that is generated in my SAML > application > > is as > > > follows: > > > > > > > > > > Exception: > > > > > > > > > > > > > > > > func=xmlSecGCryptAppKeyLoadMemory:file=app.c:line=248:obj=unknown:subj=unknown:error=17:invalid > > > > > format:format=7 > > > > > > > > > > > > > > > > func=xmlSecGCryptAppKeyLoad:file=app.c:line=176:obj=unknown:subj=xmlSecGCryptAppKeyLoadMemory:error=1:xmlsec > > > > > library function > failed:filename=/tmp/tmpZIPa5a.pem > > > > > > > > > > > > > > > > func=xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad:file=crypto.c:line=118:obj=unknown:subj=xmlSecCryptoAppKeyLoad:error=1:xmlsec > > > > > library function failed:uri=/tmp/tmpZIPa5a.pem > > > > > Error: failed to load public key from > > "/tmp/tmpZIPa5a.pem". > > > > > Error: keys manager creation failed > > > > > > > > > > I've installed XMLSec on the Amazon EC2 > instance. > > To do > > > so, I had to > > > > > install from source. The first note is that > I receive > > > failures when > > > > > running a "make check" as I reported here: > > > > > > https://bugzilla.gnome.org/show_bug.cgi?id=725279. > > That > > > bug post > > > > has an > > > > > attachment of the output, but the two main > > failures are: > > > > > > > > > > transform "rsa-1_5" and "rsa-oaep-mgf1p" not > found > > > > > > > > > > My question is this: does this sound like a > library > > > issue (missing > > > > > library or version mismatch)? > > > > > > > > > > You ask that I supply following for a > question or bug > > > report: > > > > > XMLSec version number (or the snapshot date): > > > > > xmlsec version: xmlsec1 1.2.19 (gcrypt) > > > > > > > > > > The platform/compiler you are using: > > > > > Amazon Linux AMI release 2013.09 > > > > > Kernel: 3.4.76-65.111.amzn1.x86_64 > > > > > gcc (GCC) 4.6.3 20120306 (Red Hat 4.6.3-2) > > > > > > > > > > The exact xmlsec utility command line: > > > > > /usr/local/bin/xmlsec1 > > > > > > > > > > All the files mentioned in this command line: > > > > > ** I'm not sure how to list these? > > > > > > > > > > The xmlsec utility output: > > > > > ** I don't know how to run the xmlsec utility > > > > > > > > > > Additional library information from the > Amazon EC2 > > > instance that > > > > may be > > > > > important: > > > > > libxml2.x86_64 version: 2.9.1-1.1.28.amzn1 > > > > > libxml2-devel.x86_64 version: 2.9.1-1.1.28.amzn1 > > > > > libxslt.x86_64 version: 1.1.26-2.7.amzn1 > > > > > libxslt-devel.x86_64 version: 1.1.26-2.7.amzn1 > > > > > OpenSSL version: 1.0.1e-fips > > > > > > > > > > Thank you for your time and attention, > > > > > Derek Nutile > > > > > > > > > > > > > > > _______________________________________________ > > > > > xmlsec mailing list > > > > > [email protected] > <mailto:[email protected]> <mailto:[email protected] > <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>> > > > <mailto:[email protected] > <mailto:[email protected]> <mailto:[email protected] > <mailto:[email protected]>> > > <mailto:[email protected] <mailto:[email protected]> > <mailto:[email protected] <mailto:[email protected]>>>> > > > > > http://www.aleksey.com/mailman/listinfo/xmlsec > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > xmlsec mailing list > [email protected] <mailto:[email protected]> > http://www.aleksey.com/mailman/listinfo/xmlsec > > > > > -- > SY, Dmitry Belyavsky _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
