Debian Bug report logs - #1072844
heimdal: Please build heimdal with openssl

version graph

Package: src:heimdal; Maintainer for src:heimdal is Brian May <[email protected]>;

Reported by: Jarek Kamiński <[email protected]>

Date: Sat, 8 Jun 2024 21:03:02 UTC

Severity: wishlist

Found in version heimdal/7.8.git20221117.28daf24+dfsg-5

Reply or subscribe to this bug.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to [email protected], Brian May <[email protected]>:
Bug#1072844; Package src:heimdal. (Sat, 08 Jun 2024 21:03:04 GMT) (full text, mbox, link).

Acknowledgement sent to Jarek Kamiński <[email protected]>:
New Bug report received and forwarded. Copy sent to Brian May <[email protected]>. (Sat, 08 Jun 2024 21:03:04 GMT) (full text, mbox, link).

Message #5 received at [email protected] (full text, mbox, reply):

From: Jarek Kamiński <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: heimdal: Please build heimdal with openssl
Date: Sat, 8 Jun 2024 22:51:28 +0200
[Message part 1 (text/plain, inline)]
Source: heimdal
Version: 7.8.git20221117.28daf24+dfsg-5
Severity: wishlist

Hi,

While trying to use PKINIT I've got the following error:
#v+
% kinit -D DIR:/etc/ssl/certs/ -C PKCS11:/usr/lib/x86_64-linux-gnu/libykcs11.so
PIN code for Yubico YubiKey OTP+FIDO+CCID 00 00:
kinit: krb5_get_init_creds: PKINIT: ECDH not supported
#v-

Looking at the source code, the error is printed when
HAVE_HCRYPTO_W_OPENSSL is not defined, which is the case because the
source code is configured --without-openssl. Changelog explains this was
introduced to fix #440443, but disabling OpenSSL is a bit unfortunate
solution to the FTBFS.

Could you consider building with OpenSSL support enabled? For the
record, PKINIT with RSA certificates works all right.


-- System Information:
Debian Release: trixie/sid
  APT prefers stable-security
  APT policy: (990, 'stable-security'), (990, 'testing'), (500, 'unstable'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.7.12-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2) (ignored: LC_ALL set to pl_PL), LANGUAGE=pl:en_GB
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
greetz(); // Jarek

[signature.asc (application/pgp-signature, inline)]

Information forwarded to [email protected]:
Bug#1072844; Package src:heimdal. (Sun, 09 Jun 2024 08:03:04 GMT) (full text, mbox, link).

Acknowledgement sent to Brian May <[email protected]>:
Extra info received and forwarded to list. (Sun, 09 Jun 2024 08:03:04 GMT) (full text, mbox, link).

Message #10 received at [email protected] (full text, mbox, reply):

From: Brian May <[email protected]>
To: Jarek Kamiński <[email protected]>, [email protected]
Subject: Re: Bug#1072844: heimdal: Please build heimdal with openssl
Date: Sun, 09 Jun 2024 18:00:32 +1000
Jarek Kamiński <[email protected]> writes:

> Could you consider building with OpenSSL support enabled? For the
> record, PKINIT with RSA certificates works all right.

I think there was a really good reason we disabled openssl support.

Unfortunately I can't find it anymore.

I do see an old bug report about license incompatability between
libreadline (GPL) and openssl, but AFAIK we no longer use libreadline so
that shouldn't be an issue anymore.
-- 
Brian May @ Debian

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Thu May 15 19:18:39 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.