maranda/metronome

openssl oid error during make

Closed this issue · 5 comments

xiota commented

Summary

The first 10 lines of certs/openssl.cnf should be deleted and capitalization of xmppAddr corrected to XmppAddr in the rest of the file.

oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7

Note: I noticed this issue 7 months ago with the AUR package. You appeared to have been the maintainer, but did not respond to comment or flag. I have adopted and fixed this in the package.

Details

When trying to build this project from git checkout, the following error is displayed:

openssl req -new -x509 -nodes -key localhost.key -days 1825 \
        -sha256 -out localhost.cert -utf8 -config localhost.cnf
problem creating object xmppAddr=1.3.6.1.5.5.7.8.5
4077B3B8587F0000:error:04000066:object identifier routines:OBJ_create:oid exists:crypto/objects/obj_dat.c:802:
make: *** [Makefile:22: localhost.cert] Error 1

Commenting out the line defining xmppAddr results in:

openssl req -new -x509 -nodes -key localhost.key -days 1825 \
        -sha256 -out localhost.cert -utf8 -config localhost.cnf
problem creating object SRVName=1.3.6.1.5.5.7.8.7
40975B41757F0000:error:04000066:object identifier routines:OBJ_create:oid exists:crypto/objects/obj_dat.c:785:
make: *** [Makefile:22: localhost.cert] Error 1

Commenting out the line defining SRVName results in:

openssl req -new -x509 -nodes -key localhost.key -days 1825 \
        -sha256 -out localhost.cert -utf8 -config localhost.cnf
Error checking x509 extension section v3_extensions
40C78CAA077F0000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto/objects/obj_dat.c:438:
40C78CAA077F0000:error:11000093:X509 V3 routines:a2i_GENERAL_NAME:othername error:crypto/x509/v3_san.c:571:
40C78CAA077F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=v3_extensions, name=subjectAltName, value=@subject_alternative_name
make: *** [Makefile:22: localhost.cert] Error 1

The following commands show the oids have already been defined, along with the spelling and capitalization that openssl expects:

$ openssl asn1parse -genstr OID:1.3.6.1.5.5.7.8.5
    0:d=0  hl=2 l=   8 prim: OBJECT            :XmppAddr

$ openssl asn1parse -genstr OID:1.3.6.1.5.5.7.8.7
    0:d=0  hl=2 l=   8 prim: OBJECT            :SRVName

Modifying the file as described in the above summary allows make to complete without this error.
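
The edit described in the summary above, generalized as an added Python example (not part of the original post or the project's code): it drops OID definitions that OpenSSL already knows, rewrites references elsewhere to the built-in spelling, and keeps any other custom OIDs. The function name, the sample config and the `customThing` OID are constructed for illustration; the `BUILTIN` names are the ones shown in the asn1parse output in the post.

```python
import re

# Names OpenSSL 3.x already has for these OIDs (from the asn1parse output in the post).
BUILTIN = {"1.3.6.1.5.5.7.8.5": "XmppAddr", "1.3.6.1.5.5.7.8.7": "SRVName"}

# Constructed sample in the shape of the config discussed above (not the project's file).
SAMPLE_CNF = """\
oid_section = new_oids
[ new_oids ]
# RFC 3920 section 5.1.1 defines this OID
xmppAddr = 1.3.6.1.5.5.7.8.5
# RFC 4985 defines this OID
SRVName = 1.3.6.1.5.5.7.8.7
customThing = 1.3.6.1.4.1.99999.1

[ subject_alternative_name ]
otherName.0 = xmppAddr;FORMAT:UTF8,UTF8:localhost
otherName.1 = SRVName;IA5STRING:_xmpp-client.localhost
"""

def fix_oid_section(cnf, builtin=BUILTIN):
    """Hypothetical helper: return (fixed_text, renames) for an openssl.cnf string."""
    m = re.search(r"^\s*oid_section\s*=\s*(\S+)", cnf, re.M)
    if not m:
        return cnf, {}                    # no custom OID section: nothing to do
    oid_sec, section, kept = m.group(1), None, 0
    renames, body, pending = {}, [], []
    for line in cnf.splitlines():
        hdr = re.match(r"\s*\[\s*(\S+)\s*\]", line)
        section = hdr.group(1) if hdr else section
        in_oids = section == oid_sec and not hdr
        d = re.match(r"\s*(\w+)\s*=\s*([\d.]+)\s*$", line) if in_oids else None
        if in_oids and line.lstrip().startswith("#"):
            pending.append((section, line))   # hold a comment until its definition is seen
        elif d and d.group(2) in builtin:
            pending = []                      # redundant: drop the definition and its comment
            if d.group(1) != builtin[d.group(2)]:
                renames[d.group(1)] = builtin[d.group(2)]
        else:
            kept += bool(d)                   # count custom OIDs that must stay defined
            body, pending = body + pending + [(section, line)], []
    out = []
    for sec, line in body + pending:
        if kept == 0 and (sec == oid_sec or re.match(r"\s*oid_section\s*=", line)):
            continue                          # section is empty: remove it and its pointer
        if sec != oid_sec:
            for old, new in renames.items():
                line = re.sub(rf"\b{re.escape(old)}\b", new, line)
        out.append(line)
    return "\n".join(out).strip("\n") + "\n", renames
```
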

Hi, which version of OpenSSL is it?

xiota commented

Problem occurs with openssl 3.1.4.

openssl 1.1.1.w seems to work okay. Would require changes to point at alternate paths:

/usr/bin/openssl-1.1
/usr/include/openssl-1.1/
/usr/lib/openssl-1.1/

Hi @xiota, unfortunately I had several issues with OpenSSL 3.x and LuaSec, so I had to put switching on hold. Perhaps for the moment, if you can get Metronome to work correctly with OpenSSL 3.x and without LuaSec breaking, I suggest adding overrides in the package build configuration for config.unix, adding the relative path for the OpenSSL v1.1 library using the OPENSSL_LIB variable and replacing openssl.cnf with your working variant.

I can't (for now) add changes directly in repo or it'll break builds for Debian-like distributions and containers (Alpine, which are the preferred method now).

I also don't have access anymore to the package as co-maintainer, so I can't make any change. So for now I'm closing the issue; feel free to send a PR if you need some code changes in the build processes.

PS: obviously you can do the same if you want to use OpenSSL 3.x, just replacing openssl.cnf with your variant with overrides and prebuild hooks.

xiota commented

I don't use this project. The AUR package was formerly included in a binary repo by user request. It was dropped when I found it was broken and none of the maintainers replied to requests to fix it. The package was probably broken long before I encountered it and probably now has a user base of zero.

The package at least successfully builds with openssl 3.x, but I have not checked functionality. If you have automated tests, I could add them to the package. Otherwise, I will wait for user feedback before changing anything else.

Since you appear to have moved on to other distros and did not actively monitor the AUR package, adding you back as comaintainer is unlikely to be productive.