Some analysis ...
Am 22.02.2010 22:21, schrieb Andrei Pelinescu-Onciul:
Note that another very strange thing is the version number. From your log: INFO: tls [tls_init.c:486]: tls: _init_tls_h: compiled with openssl version "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" (0x0090802f), kerberos ^^^^^^^ ^^^^^^^^^^
0x0090802f means openssl 0.9.8b (release) and not 0.9.8e. It looks like OPENSSL_VERSION_NUMBER is different from OPENSSL_VERSION_TEXT in you include/openssl/opensslv.h. Out o curiosity could you verify that that's the case?
# cat /etc/redhat-release CentOS release 5.4 (Final)
# rpm -qa|grep ssl openssl-devel-0.9.8e-12.el5_4.1 openssl-0.9.8e-12.el5_4.1
extract from /usr/include/openssl/opensslv.h:
#define OPENSSL_VERSION_NUMBER 0x0090802fL #ifdef OPENSSL_FIPS #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008" #else #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-rhel5 01 Jul 2008" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
really strange. I downloaded and extracted RH openssl-0.9.8e-12.el5_4.1.src.rpm and greped for "OPENSSL_VERSION":
openssl-fips-0.9.8e-abi.patch:-#define OPENSSL_VERSION_NUMBER 0x00908060L openssl-fips-0.9.8e-abi.patch:+#define OPENSSL_VERSION_NUMBER 0x0090802fL openssl-fips-0.9.8e-abi.patch:-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f-fips-dev xx XXXX xxxx" openssl-fips-0.9.8e-abi.patch:+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
Further the SRPM contains openssl-fips-0.9.8e-usa.tar.bz2 which contains a opensslv.h with:
#define OPENSSL_VERSION_NUMBER 0x00908060L #ifdef OPENSSL_FIPS #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f-fips-dev xx XXXX xxxx" #else #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8f-dev xx XXXX xxxx" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
Looks like RH is using a 0.9.8f-dev version, which is named 0.9.8e, and numbered like 0.9.8b - maybe for compatibility reasons with earlier RHEL5 releases.
regards klaus