3

I installed xmlsec and it keeps giving me an error when I try to verify an XML document.

yum install xmlsec1
yum install xmlsec1-openssl


[vagrant@localhost SSO-ROR-development]$ xmlsec1 --verify ../tmp_SAML_Sample.xml
func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=146:obj=lt_dlopenext:subj=unknown:error=7:io function failed:filename=libxmlsec1-openssl
func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=498:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=449:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed:
Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use "--crypto" option to specify different
crypto engine.
Error: initialization failed
Usage: xmlsec <command> [<options>] [<files>]

Report bugs to http://www.aleksey.com/xmlsec/bugs.html
Written by Aleksey Sanin <aleksey@aleksey.com>.
Copyright (C) 2002-2003 Aleksey Sanin.
This is free software: see the source for copying information.

func=xmlSecCryptoShutdown:file=app.c:line=69:obj=unknown:subj=cryptoShutdown:error=9:feature is not implemented:
func=xmlSecAppCryptoShutdown:file=crypto.c:line=48:obj=unknown:subj=xmlSecCryptoShutdown:error=1:xmlsec library function failed:
Error: xmlsec crypto shutdown failed.


[vagrant@localhost SSO-ROR-development]$ ls $LD_LIBRARY_PATH/*xmlsec*
/usr/lib64/libxmlsec1-openssl.so.1  /usr/lib64/libxmlsec1-openssl.so.1.2.16  /usr/lib64/libxmlsec1.so.1  /usr/lib64/libxmlsec1.so.1.2.16


[root@localhost SSO-ROR-development]# uname -a
Linux localhost.localdomain 2.6.32-279.14.1.el6.x86_64 #1 SMP Tue Nov 6 23:43:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
Chloe
  • 1,094
  • 4
  • 16
  • 34

2 Answers2

3

I believe you have run into this bug. Which I just duplicated on a CentOS 5 machine and EPEL 5. That's a pretty bad bug to have in a shipping RPM if you ask me.

Luckily the workaround is not too bad. Either create the symlink in the normal place (which I don't generally recommend) or create a directory and put the symlink in there and use LD_LIBRARY_PATH to point there. (I'm not sure why you have LD_LIBRARY_PATH set in your environment already unless that was a debugging attempt.)

Etan Reisner
  • 1,353
  • 6
  • 14
  • Yes that was for debugging. It asked me to `check shared libraries path (LD_LIBRARY_PATH)` so I wanted to show that I tried that also. Awesome, adding the link worked! – Chloe Aug 01 '13 at 19:13
2
# rpm -ql xmlsec1-openssl
/usr/lib64/libxmlsec1-openssl.so.1
/usr/lib64/libxmlsec1-openssl.so.1.2.16

As I see from the strace output

open("/lib64/libxmlsec1-openssl.la", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libxmlsec1-openssl.la", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libxmlsec1-openssl.la", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libxmlsec1-openssl.la", O_RDONLY) = -1 ENOENT (No such file or directory)
access("/lib64/libxmlsec1-openssl.so", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/lib64/libxmlsec1-openssl.so", R_OK) = -1 ENOENT (No such file or directory)
access("/lib/libxmlsec1-openssl.so", R_OK) = -1 ENOENT (No such file or directory)
access("/usr/lib/libxmlsec1-openssl.so", R_OK) = -1 ENOENT (No such file or directory)
open("tls/x86_64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("tls/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("x86_64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=38616, ...}) = 0
mmap(NULL, 38616, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc634861000
close(3)                                = 0
open("/lib64/tls/x86_64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls/x86_64", 0x7fff6b286950) = -1 ENOENT (No such file or directory)
open("/lib64/tls/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/tls", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
open("/lib64/x86_64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64/x86_64", 0x7fff6b286950)   = -1 ENOENT (No such file or directory)
open("/lib64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib64", {st_mode=S_IFDIR|0555, st_size=12288, ...}) = 0
open("/usr/lib64/tls/x86_64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls/x86_64", 0x7fff6b286950) = -1 ENOENT (No such file or directory)
open("/usr/lib64/tls/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/tls", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
open("/usr/lib64/x86_64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64/x86_64", 0x7fff6b286950) = -1 ENOENT (No such file or directory)
open("/usr/lib64/libxmlsec1-openssl.so", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/usr/lib64", {st_mode=S_IFDIR|0555, st_size=36864, ...}) = 0
munmap(0x7fc634861000, 38616)           = 0
write(2, "func=xmlSecCryptoDLLibraryCreate"..., 137func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=146:obj=lt_dlopenext:subj=unknown:error=7:io function failed:filename=libxmlsec1-openssl
) = 137
write(2, "func=xmlSecCryptoDLGetLibraryFun"..., 157func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=498:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
) = 157
write(2, "func=xmlSecCryptoDLLoadLibrary:f"..., 142func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=449:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed:
) = 142
write(2, "Error: unable to load xmlsec-ope"..., 216Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use "--crypto" option to specify different
crypto engine.
) = 216
write(2, "Error: initialization failed\n", 29Error: initialization failed

xmlsec1-openssl looked for libxmlsec1-openssl.so and not libxmlsec1-openssl.so.1. You can try to do the trick

# cd /usr/lib64/
# ln -s libxmlsec1-openssl.so.1 libxmlsec1-openssl.so
ALex_hha
  • 7,025
  • 1
  • 23
  • 39
  • I find it is almost never a good idea to instruct someone to make a symlink in a system directory. It invariably leads to some sort of problem later on and encourages them to believe this is a proper sort of solution for the future. – Etan Reisner Aug 01 '13 at 19:28
  • The symlink was exactly what I needed! (Packaging requirements with zappa to run in AWS lambda) – Aaron McMillin Apr 21 '20 at 06:03