<div dir="ltr"><div>Hello!<br><br></div>Some time ago Redhat-based Linuxes did not support EC cryptography because of patent restrictions.<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 5, 2014 at 9:18 PM, Aleksey Sanin <span dir="ltr"><<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">File a bug with redhat? Compile OpenSSL manually? xmlsec has a check<br>
if ecdsa is present:<br>
<br>
AC_EGREP_CPP(yes,[<br>
#include <openssl/opensslconf.h><br>
#ifdef OPENSSL_NO_ECDSA<br>
yes<br>
#endif<br>
],[<br>
OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_NO_ECDSA=1"<br>
])<br>
CPPFLAGS=$OLD_CPPFLAGS<br>
<br>
Not sure why it doesn't work on redhat<br>
<br>
Aleksey<br>
<br>
On 3/5/14, 9:12 AM, Derek Nutile wrote:<br>
> Thanks Aleksey,<br>
><br>
> The openssl-devel package was missing. I installed it and ./configure<br>
> now finds OpenSSL, which is progress. However, it appears<br>
> RedHat/CentOS-based distributions do not include the ec or ecdsa.h header files.<br>
><br>
> Error during make:<br>
> In file included from app.c:31:0:<br>
> ../../include/xmlsec/openssl/crypto.h:204:27: fatal error:<br>
> openssl/ecdsa.h: No such file or directory<br>
> compilation terminated.<br>
><br>
> It appears these files have been dropped from these distributions due<br>
> to legal worries.<br>
><br>
> Reference: <a href="https://bugzilla.redhat.com/show_bug.cgi?id=319901" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=319901</a><br>
> Reference: <a href="https://bitcointalk.org/index.php?topic=9476.0" target="_blank">https://bitcointalk.org/index.php?topic=9476.0</a><br>
><br>
> Any suggestions?<br>
><br>
> Thank you again,<br>
> Derek<br>
<div class="im HOEnZb">><br>
><br>
><br>
> On Wed, Mar 5, 2014 at 8:44 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:<br>
><br>
> I don't know, but I would check if you have openssl-devel package<br>
> installed<br>
><br>
> Aleksey<br>
><br>
> On 3/5/14, 6:29 AM, Derek Nutile wrote:<br>
> > Aleksey,<br>
> ><br>
> > In my last message, I asked if there was a compatibility issue with<br>
> > OpenSSL 1.x, but I just installed XMLSec on an Ubuntu system with<br>
> > OpenSSL 1.0.1 just fine. So I tried to compile XMLSec on a CentOS<br>
> > machine with openssl 1.x and that also fails. To me, the common<br>
> > denominator is the distribution.<br>
> ><br>
> > How can I get XMLSec to compile with OpenSSL on a non-Debian Linux?<br>
> > What am I missing?<br>
> ><br>
> ><br>
> > On Wed, Mar 5, 2014 at 4:50 AM, Derek Nutile <<a href="mailto:dereknutile@gmail.com">dereknutile@gmail.com</a>> wrote:<br>
</div><div class="im HOEnZb">
> ><br>
> > Aleksey,<br>
> ><br>
> > I cannot get the compiler to locate openssl.<br>
> ><br>
> > Running ./configure with no options has this in the logs:<br>
> > checking for OPENSSL... no<br>
> ><br>
> > Running ./configure --with-openssl=/usr/bin/openssl logs this:<br>
> > checking for openssl libraries >= 0.9.6... no<br>
> ><br>
> > Is it possible that xmlsec doesn't work with OpenSSL 1.0.1e? Do I<br>
> > have any other options?<br>
> ><br>
> > Thank you,<br>
> > Derek<br>
> ><br>
> ><br>
> ><br>
> > On Tue, Mar 4, 2014 at 10:40 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:<br>
</div><div class="HOEnZb"><div class="h5">
> ><br>
> > Yes, you might need to re-compile xmlsec. xmlsec-openssl is the default<br>
> > crypto engine thus ./configure probably just didn't find openssl for<br>
> > whatever reason. Run ./configure and look at the output and logs to<br>
> > figure out what is happening.<br>
> ><br>
> > Aleksey<br>
> ><br>
> > On 3/4/14, 10:09 AM, Derek Nutile wrote:<br>
> > > Thank you for your response Aleksey.<br>
> > ><br>
> > > How do I use OpenSSL instead of GCrypt? Do I recompile the xmlsec<br>
> > > source? I looked at the ./configure --help output and it's not clear to<br>
> > > me how to. Should I add ' --with-openssl=path'? Should I also use<br>
> > > ' --without-gcrypt'?<br>
> > ><br>
> > ><br>
> > > On Tue, Mar 4, 2014 at 6:09 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:<br>
> > ><br>
> > > Sounds like you are using GCrypt and it doesn't support PEM key format.<br>
> > > Try to use OpenSSL instead.<br>
> > ><br>
> > > Aleksey<br>
> > ><br>
> > > On 3/1/14, 1:43 PM, Derek Nutile wrote:<br>
> > > > Hello Aleksey,<br>
> > > ><br>
> > > > Hopefully you can help me. I'm implementing Django SAML<br>
> > > > (<a href="https://bitbucket.org/lgs/djangosaml2" target="_blank">https://bitbucket.org/lgs/djangosaml2</a>) in a project which relies on<br>
> > > > your XMLSec library. The application works flawlessly on my local<br>
> > > > development environment (Mac), but returns errors on my staging server,<br>
> > > > an Amazon EC2 instance. I'm struggling to isolate the issue. The<br>
> > > > exception that is generated in my SAML application is as follows:<br>
> > > ><br>
> > > > Exception:<br>
> > > ><br>
> > > > func=xmlSecGCryptAppKeyLoadMemory:file=app.c:line=248:obj=unknown:subj=unknown:error=17:invalid format:format=7<br>
> > > > func=xmlSecGCryptAppKeyLoad:file=app.c:line=176:obj=unknown:subj=xmlSecGCryptAppKeyLoadMemory:error=1:xmlsec library function failed:filename=/tmp/tmpZIPa5a.pem<br>
> > > > func=xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad:file=crypto.c:line=118:obj=unknown:subj=xmlSecCryptoAppKeyLoad:error=1:xmlsec library function failed:uri=/tmp/tmpZIPa5a.pem<br>
> > > > Error: failed to load public key from "/tmp/tmpZIPa5a.pem".<br>
> > > > Error: keys manager creation failed<br>
> > > ><br>
> > > > I've installed XMLSec on the Amazon EC2 instance. To do so, I had to<br>
> > > > install from source. The first note is that I receive failures when<br>
> > > > running a "make check" as I reported here:<br>
> > > > <a href="https://bugzilla.gnome.org/show_bug.cgi?id=725279" target="_blank">https://bugzilla.gnome.org/show_bug.cgi?id=725279</a>. That bug post has an<br>
> > > > attachment of the output, but the two main failures are:<br>
> > > ><br>
> > > > transform "rsa-1_5" and "rsa-oaep-mgf1p" not found<br>
> > > ><br>
> > > > My question is this: does this sound like a library issue (missing<br>
> > > > library or version mismatch)?<br>
> > > ><br>
> > > > You ask that I supply the following for a question or bug report:<br>
> > > > XMLSec version number (or the snapshot date):<br>
> > > > xmlsec version: xmlsec1 1.2.19 (gcrypt)<br>
> > > ><br>
> > > > The platform/compiler you are using:<br>
> > > > Amazon Linux AMI release 2013.09<br>
> > > > Kernel: 3.4.76-65.111.amzn1.x86_64<br>
> > > > gcc (GCC) 4.6.3 20120306 (Red Hat 4.6.3-2)<br>
> > > ><br>
> > > > The exact xmlsec utility command line:<br>
> > > > /usr/local/bin/xmlsec1<br>
> > > ><br>
> > > > All the files mentioned in this command line:<br>
> > > > ** I'm not sure how to list these?<br>
> > > ><br>
> > > > The xmlsec utility output:<br>
> > > > ** I don't know how to run the xmlsec utility<br>
> > > ><br>
> > > > Additional library information from the Amazon EC2 instance that may be<br>
> > > > important:<br>
> > > > libxml2.x86_64 version: 2.9.1-1.1.28.amzn1<br>
> > > > libxml2-devel.x86_64 version: 2.9.1-1.1.28.amzn1<br>
> > > > libxslt.x86_64 version: 1.1.26-2.7.amzn1<br>
> > > > libxslt-devel.x86_64 version: 1.1.26-2.7.amzn1<br>
> > > > OpenSSL version: 1.0.1e-fips<br>
> > > ><br>
> > > > Thank you for your time and attention,<br>
> > > > Derek Nutile<br>
> > > ><br>
> > > ><br>
> > > > _______________________________________________<br>
> > > > xmlsec mailing list<br>
> > > > <a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a><br>
> > > > <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
> > > ><br>
> > ><br>
> > ><br>
> ><br>
> ><br>
> ><br>
><br>
><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>SY, Dmitry Belyavsky
</div>
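<div>Added example, not part of the original thread and not xmlsec's own code: a shell sketch of what the quoted AC_EGREP_CPP probe evaluates, cross-checked against the presence of openssl/ecdsa.h, so that it also flags the combination the macro test alone cannot see (macro undefined, header absent). The function names <code>probe_ecdsa</code>, <code>make_tree</code> and <code>demo</code>, the status strings, and the stand-in header trees are assumptions constructed for illustration.</div>

```shell
# Added example (not xmlsec code). probe_ecdsa INCLUDE_DIR prints:
#   disabled        opensslconf.h defines OPENSSL_NO_ECDSA
#   enabled         macro undefined and openssl/ecdsa.h exists
#   header-missing  macro undefined but openssl/ecdsa.h is absent
#   cpp-failed      the preprocessor could not be run
probe_ecdsa() {
    incdir=$1
    # Same probe body as the quoted AC_EGREP_CPP check: the token "yes"
    # survives preprocessing only when OPENSSL_NO_ECDSA is defined.
    out=$(printf '%s\n' \
        '#include <openssl/opensslconf.h>' \
        '#ifdef OPENSSL_NO_ECDSA' \
        'yes' \
        '#endif' | ${CPP:-cc -E} -x c -I"$incdir" - 2>/dev/null) || {
        echo cpp-failed
        return 0
    }
    # Anchored match: stricter than autoconf's plain egrep for "yes".
    if printf '%s\n' "$out" | grep -Eq '^[[:space:]]*yes[[:space:]]*$'; then
        echo disabled
    elif [ -f "$incdir/openssl/ecdsa.h" ]; then
        echo enabled
    else
        echo header-missing
    fi
}
# Constructed sample include tree (stand-in files, not real OpenSSL headers).
# make_tree DIR NO_ECDSA(0|1) HAVE_HEADER(0|1)
make_tree() {
    mkdir -p "$1/openssl"
    if [ "$2" = 1 ]; then
        echo '#define OPENSSL_NO_ECDSA' > "$1/openssl/opensslconf.h"
    else
        echo '/* ECDSA not disabled */' > "$1/openssl/opensslconf.h"
    fi
    if [ "$3" = 1 ]; then : > "$1/openssl/ecdsa.h"; fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_tree "$tmp/full" 0 1
    make_tree "$tmp/flagged" 1 0
    make_tree "$tmp/stripped" 0 0
    for t in full flagged stripped; do
        printf '%s: %s\n' "$t" "$(probe_ecdsa "$tmp/$t")"
    done
    rm -rf "$tmp"
}
demo
```

To inspect a real system, call <code>probe_ecdsa /usr/include</code> (or the prefix passed to <code>--with-openssl</code>) instead of the constructed trees.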