Building krb5 libs without openssl

Isaac Boukris iboukris at
Sun Dec 5 13:10:47 EST 2021

On Sun, Dec 5, 2021 at 6:40 PM Greg Hudson <ghudson at> wrote:
> On 12/5/21 8:16 AM, Isaac Boukris wrote:
> > The configure help isn't clear about '--with-tls-impl' alternatives,
> > from the script it looks like 'no' is an option but even though it
> > still compiles the files at 'lib/crypto/openssl' unless I comment it
> > out from the Makefile.
> I recently changed how the crypto build system works so that all source
> files are built, but some of them generate empty objects.  This improves
> automatic dependency generation and allows the OpenSSL back end to
> borrow from the builtin back end depending on the OpenSSL version.  See
> commit 7e8c41afc54db2ca75de5a1e2e440b034be8887b .

The actual error I see when I try to build with emscripten, maybe
something gets wrong in the configure stage:

making all in lib/crypto/openssl/des...
make[4]: Entering directory '/home/admin/git/krb5/src/lib/crypto/openssl/des'
/home/admin/git/emsdk/upstream/emscripten/emcc -DHAVE_CONFIG_H
-I../../../../include -I../../../../include -I./../../krb
-Werror=unknown-warning-option -Wall -Wcast-align -Wshadow
-Wmissing-prototypes -Wno-format-zero-length -Woverflow
-Wstrict-overflow -Wmissing-format-attribute -Wmissing-prototypes
-Wreturn-type -Wmissing-braces -Wparentheses -Wswitch
-Wunused-function -Wunused-label -Wunused-variable -Wunused-value
-Wunknown-pragmas -Wsign-compare -Wnewline-eof -Werror=uninitialized
-Werror=pointer-arith -Werror=int-conversion
-Werror=incompatible-pointer-types -Werror=implicit-int
-Werror-implicit-function-declaration   -c des_keys.c
des_keys.c:28:10: fatal error: 'openssl/des.h' file not found
#include <openssl/des.h>
1 error generated.

> > This is the configure command I'm trying to make work:
> > CFLAGS='-g -O0' ./configure --disable-pkinit --disable-rpath
> > --disable-thread-support --disable-shared --enable-static
> > --with-tls-impl=no --without-keyutils
> This configuration builds for me, and appears not to link against OpenSSL.

Ah thanks, for me on linux I get this:

make[2]: Entering directory '/home/admin/git/krb5_2/src/kadmin/dbutil'
gcc -L../../lib  -g -O0   -o kdb5_util kdb5_util.o kdb5_create.o
kadm5_create.o kdb5_destroy.o kdb5_stash.o import_err.o strtok.o
dump.o ovload.o kdb5_mkey.o tabdump.o tdumputil.o ../cli/getdate.o
-lkadm5srv_mit  -lkdb5 -lkrb5_db2 -lkadm5srv_mit -lgssrpc
-lgssapi_krb5 -lgssrpc -lgssapi_krb5 -ldl   -lkrb5 -lk5crypto
-lcom_err -lkrb5support  -lresolv  -ldl
/usr/bin/ld: ../../lib/libkadm5srv_mit.a(server_kdb.o):/home/admin/git/krb5_2/src/lib/kadm5/srv/server_kdb.c:18:
multiple definition of `master_keyblock';
first defined here
collect2: error: ld returned 1 exit status

More information about the krbdev mailing list