From owner-ssh@clinet.fi  Tue Jun  5 06:31:00 2001
Date: Mon, 4 Jun 2001 21:56:43 -0500 (CDT)
From: Matt Roberts <mattro@cowboy.net>
X-Sender: mattro@kk5jy.kk5jy.net
To: ssh@clinet.fi
Subject: Possible SSH/SSL Problem/Fix
Message-ID: <Pine.LNX.4.21.0106042148040.809-100000@kk5jy.kk5jy.net>


I have been fighting a small problem here, and I think tonight I have a
workaround.  If this has been suggested before, please excuse me.  I have
seen some similar posts in the archive, thought this might help someone.

I am using SuSE Linux 7.1.  I am installing SSH 2.9p1 from source, and
compiling against OpenSSL 0.9.6a.  I was having some trouble with signature
verification.  My OpenSSL was compiled as dynamic libraries with
pgcc-2.95.2.1 (although I have tried several other versions of gcc/pgcc with
same results), and options '-O2 -march=i686 -mcpu=i686'.  I notice that the
'openssh' application bombs on 'make test' with these settings.  I can turn
down the settings to '-march=i686 -mcpu=i686' and make 'openssh' work again,
but ssh still fails when dynamically linked to the shared openssl libraries.

I built an extra install of OpenSSL, static only, with CFLAGS='-march=i686
-mcpu=i686' and link against this static library instead of the system's
dynamic OpenSSL libraries.  I put this library in /opt/ssl.  Then I build
OpenSSH against these libraries by including --with-ssl-dir=/opt/ssl on the
'configure' line when building OpenSSH.  Voila!  It now works fine.  SSL
routines are slower without -O2, but at least they work now.  I didn't have
trouble with this under SuSE 7.0.  Perhaps a difference between glibc 2.1
and 2.2, or Linux 2.2 to 2.4?

I am using Linux-2.4.5 built with the suggested compiler, egcs-1.1.3.  I
build apps with pgcc-2.95.2.1, which was built using the egcs-1.1.3, and
then bootstrapped against itself.

For anyone interested, the problem affected both incoming connections to
'sshd' and outgoing connections using 'ssh'.  All I changed was the library
linkage.
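
A check for confirming which OpenSSL a rebuilt binary actually uses, by classifying its `ldd` output (added example, not part of the original message; the function names, sample `ldd` lines and library paths are constructed for illustration):

```shell
#!/bin/sh
# Classify OpenSSL linkage from `ldd` output read on stdin.
# Prints one "shared <soname> <path>" line per libcrypto/libssl dependency,
# or "static-or-none" when no shared OpenSSL library is listed. For a binary
# known to use OpenSSL (ssh, sshd), that means it was linked statically.
openssl_linkage() {
    awk '
        $1 ~ /^lib(crypto|ssl)\.so/ {
            # ldd line shape: "libcrypto.so.X => /path/libcrypto.so.X (0x...)"
            path = ($2 == "=>") ? $3 : "unresolved"
            if (path == "not") path = "not-found"   # "=> not found"
            printf "shared %s %s\n", $1, path
            found = 1
        }
        END { if (!found) print "static-or-none" }
    '
}

# Convenience wrapper for a real binary on disk.
check_binary() {
    ldd "$1" 2>/dev/null | openssl_linkage
}

# Constructed sample: binary linked against the system's shared libcrypto.
SAMPLE_DYNAMIC='    libz.so.1 => /lib/libz.so.1 (0x40021000)
    libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40030000)
    libc.so.6 => /lib/libc.so.6 (0x400f0000)'

# Constructed sample: same binary after linking the static copy in /opt/ssl.
SAMPLE_STATIC='    libz.so.1 => /lib/libz.so.1 (0x40021000)
    libc.so.6 => /lib/libc.so.6 (0x400f0000)'

# Usage: sh check.sh /usr/local/sbin/sshd   (path is an example)
if [ "$#" -gt 0 ]; then
    check_binary "$1"
fi
```

A statically linked OpenSSL is not replaced when the system's shared libraries are updated, so a binary built this way has to be rebuilt to pick up later OpenSSL fixes.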

