g0n has asked for the wisdom of the Perl Monks concerning the following question:

I mentioned this in the CB yesterday. I have a requirement to use Net::LDAPS. It has a dependency on IO::Socket::SSL, which in turn has a dependency on Net::SSLeay. Net::SSLeay requires openssl. I've installed openssl 0.9.7f from source using gcc, however when I try to make Net::SSLeay v1.25 I get the following error:

LD_RUN_PATH="/usr/local/ssl/lib" ld -o blib/arch/auto/Net/SSLeay/SSLea
+y.so  -bhalt:4 -bM:SRE -bI:/usr/local/lib/perl5/5.0055
1/aix/CORE/perl.exp -bE:SSLeay.exp -b noentry -lc -L/usr/local/lib SSL
+eay.o    -L/usr/local/ssl -L/usr/local/ssl/lib -lssl -lcrypto 
ld: 0711-317 ERROR: Undefined symbol: .__umoddi3
ld: 0711-317 ERROR: Undefined symbol: .__udivdi3
ld: 0711-317 ERROR: Undefined symbol: .__eprintf
ld: 0711-345 Use the -bloadmap or -bnoquiet option to obtain more info
+rmation.
make: 1254-004 The error code from the last command is 8.

[download]

During the make process Net::SSLeay remarks that it must be compiled using the same compiler as was used to make perl & openssl (for reasons to do with XS I assume), but when I mentioned this in the CB a monk (it might have been tye) suggested I try it, because sometimes it works. I guess it didn't :-(

Other than the XS issue, I'm wondering if the 'undefined symbol' error suggests a version mismatch.

Bearing in mind that for operational reasons I am not permitted to recompile a more up to date version of perl than the "5.005_51 built for aix" I've got (if only!), which I assume was built by IBM using the IBM C compiler (this version of perl ships with AIX 4.3), can anyone suggest a workaround or fix?

TIA

Update: Failing suggestions for workaround or fix, I'd welcome comments on whether the make error suggests compiler mismatch or version mismatch. I suspect the former, but my knowledge of XS is undef.

Update: It's amazing how quickly an absolute policy can be excepted when the only alternative is spending thousands rewriting in java :-)

Thanks for your input folks, I'm off to install perl 5.8.6

g0n, backpropagated monk

Replies are listed 'Best First'.
Re: Net::SSLeay on AIX - make problems
by rev_1318 (Chaplain) on Apr 14, 2005 at 13:43 UTC
    The operational reasons you mention have to do with the fear that system related things get broken? If so, why not build a new version of Perl at a totally different location (e.g. /usr/local/perl5.8.4) and use that for your programs? That way, nothing is in the way of operations.

    Paul

[reply]
      Simple answer: because I would be fired.

      Complex answer: the operational reasons are that this is the policy. AFAIK there are only a few people using perl for anything on these machines, and none of it is mission critical. Nevertheless, installation of anything, even in parallel versions with no impact on anyone else is forbidden. It has to be performed by a separate department, analysed for impact and business case (taking into account 14 days regression testing), at which point it gets binned. Trust me, its not an option!

      g0n, backpropagated monk
[reply]

        I feel for you. I really do. Something like that sounds like the best course of action is to quietly start job hunting ;-)

        On a more practical note, when you're in a catch-22 situation, I always recommend talking it over with your manager. Your manager may be a total arse, or a wonderful angel, I don't know. Never met the person. I am pretty sure, however, that s/he is being paid to make these types of decisions. Point out the conflicts in your requirements vs the business reality you're working within. Let your manager decide which is more important between secure LDAP, fighting with the other department, time, and resource. That's a manager's job. Your job, as a non-manager, is to simply be transparent in all that you do: evaluate your requirements, implement them where you can, and alert your manager ASAP when you cannot.

        IMO, you're very likely at that point where you've determined that you cannot. You need to get OpenSSL and Perl compiled with the same compiler. Perhaps your manager will go with the idea of getting the IBM C compiler so you can get OpenSSL compiled with that.

        You know, it strikes me as somewhat odd that a company trying to go to secure LDAP would be running AIX 4.3 anywhere. If security is a priority, wouldn't that also include sticking with supported operating systems? AIX 4 went out of service a while ago - we have to go through hoops to get our IT dept to allow us to keep our AIX 4 machines, despite the fact that we still support our product on AIX 4 (as long as it isn't an OS problem ;->).

        Update: You should also get in the habit of getting managerial decisions, especially ones that may come back to haunt you, in writing, or whatever passes for "in writing" in your company. e.g., in our company, using Lotus Notes, all emails are automatically electronically signed, so simply getting an email from my manager about something is as good as "in writing". CYA at all times :-)

[reply]
        They let you install openssl, additional Perl modules and more without hassle, but when it comes to installing a seperate perl-interpreter which will not interfere with operations (which can not be said for the openssl software and the additional modules in production!) it's a nogo?!
        If that's really the case, then the only thing you can do is compile the sources with the AIX C compiler...

        Paul

[reply]

Back to Seekers of Perl Wisdom