Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

alpine xmlsec-dev 1.2.25 produces "unable to load xmlsec-openssl library."

See original GitHub issue

Code Version

tested in pysaml v 4.5.0 and 4.0.3. xmlsec-dev 1.2.22 works fine, 1.2.25 seems to break things.

Expected Behavior

okta/saml login should work.

Current Behavior

on processing saml response from idp:

Python traceback:

  File "/usr/lib/python3.6/site-packages/saml2/client_base.py", line 599, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/lib/python3.6/site-packages/saml2/entity.py", line 1137, in _parse_response
    response = response.loads(xmlstr, False, origxml=origxml)
  File "/usr/lib/python3.6/site-packages/saml2/response.py", line 510, in loads
    self._loads(xmldata, decode, origxml)
  File "/usr/lib/python3.6/site-packages/saml2/response.py", line 335, in _loads
    **args)
  File "/usr/lib/python3.6/site-packages/saml2/sigver.py", line 1743, in correctly_signed_response
    class_name(response), origdoc)
  File "/usr/lib/python3.6/site-packages/saml2/sigver.py", line 1558, in _check_signature
    raise SignatureError("Failed to verify signature")
saml2.sigver.SignatureError: Failed to verify signature

logs see the following otuput:

"Usage: xmlsec <command> [<options>] [<files>]

xmlsec is a command line tool for signing, verifying, encrypting and
decrypting XML documents. The allowed <command> values are:
  --help      	display this help information and exit
  --help-all  	display help information for all commands/options and exit
  --help-<cmd>	display help information for command <cmd> and exit
  --version   	print version information and exit
  --keys      	keys XML file manipulation
  --sign      	sign data and output XML document
  --verify    	verify signed document
  --sign-tmpl 	create and sign dynamicaly generated signature template
  --encrypt   	encrypt data and output XML document
  --decrypt   	decrypt data from XML document


Report bugs to http://www.aleksey.com/xmlsec/bugs.html

Written by Aleksey Sanin <aleksey@aleksey.com>.

Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved..
This is free software: see the source for copying information.

func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=130:obj=unknown:subj=lt_dlopenext:error=7:io function failed:name="libxmlsec1-openssl"; errno=2
func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=436:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=393:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed: 
Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use "--crypto" option to specify different
crypto engine.
Error: initialization failed
func=xmlSecCryptoShutdown:file=app.c:line=65:obj=unknown:subj=unknown:error=9:feature is not implemented:details=cryptoShutdown
Error: xmlSecCryptoShutdown failed
Error: xmlsec crypto shutdown failed.
", "func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=130:obj=unknown:subj=lt_dlopenext:error=7:io function failed:name="libxmlsec1-openssl"; errno=2
func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=436:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=393:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed: 
Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use "--crypto" option to specify different
crypto engine.
Error: initialization failed
func=xmlSecCryptoShutdown:file=app.c:line=65:obj=unknown:subj=unknown:error=9:feature is not implemented:details=cryptoShutdown
Error: xmlSecCryptoShutdown failed
Error: xmlsec crypto shutdown failed.

Possible Solution

recent xmlsec seems to have introduced a bug… maybe a commmand-line change?

Steps to Reproduce

build alpine-linux 3.8, apk install xmlsec-dev
attempt to validate a saml authentication post

Issue Analytics

State:
Created 5 years ago
Comments:8 (1 by maintainers)

Top GitHub Comments

1reaction

VojtechVitekcommented, Nov 28, 2018

@hjwp care to share your solution? We hit this very same problem today with Alpine 3.8.

https://bugs.alpinelinux.org/issues/9110 is still in NEW status.

1reaction

hjwpcommented, Aug 6, 2018

we’re having a go against a hand-compiled xmlsec 1.2.26 and it all seems to work fine, thanks again!

Top Results From Across the Web

Alpine Linux packages

File, Package, Branch, Repository, Architecture. /usr/lib/libxmlsec1.la, xmlsec, v3.7, community · x86. /usr/lib/libxmlsec1-openssl.so.1.2.25, xmlsec, v3.7 ...

Untitled

18: Under certain circumstances (e.g., reading from /dev/zero), read(2) will ... root chains now with openssl 1.0.2 and also gnutls 3.5 is able...

Open Source Used In Crosswork Platform Infrastructure cw ...

1.230 spring-boot-devtools 1.5.12.RELEASE ... 1.1161 xmlsec 1.2.25-1build1 ... library, and (2) we offer you this license, which gives you legal.

NetBSD - DistroWatch.com

Releases announcements with download links and checksums: ... 2020-02-03: Development Release: NetBSD 9.0 RC2 ... Canna-lib-3.7pl3nb1 • Canna-server-3.7pl3

https://www.pagure.io/redcore/portage/c/12bb627384...

( dev-libs/openssl:0 )" @@ -111,16 +109,16 @@ src_configure() { $(use_with ... dev-libs/nss >=dev-libs/redland-1.0.16 >=dev-libs/xmlsec-1.2.24[nss] + ...