Re: [exim] DKIM - signing mail

Top Page
Delete this message
Reply to this message
Author: exim-users
Date:  
To: Exim-users
Subject: Re: [exim] DKIM - signing mail
exim-users@??? schrieb:
> Renaud Allard schrieb:
>> Tom Kistner wrote:
>>> Renaud Allard schrieb:
>>>
>>>> /usr/local/lib/libdkim.a(dkimsign.o)(.text+0x103): In function
>>>> `CDKIMSign::CDKIMSign[not-in-charge]()':
>>>> : undefined reference to `EVP_sha256'
>>> OK, then that OpenSSL was actually built without sha256 support. I'm
>>> afraid you need to upgrade it.
>>>
>> I think you are right. However, it is funny as OpenBSD uses sha256 as
>> the default auth in ipsec and the header is present:
>>
>> # grep EVP_sha256 /usr/include/openssl/*
>> /usr/include/openssl/evp.h:const EVP_MD *EVP_sha256(void);
>>
>> # strings /usr/lib/libssl.so.11.0 | grep 256
>> EVP_aes_256_cbc
>> DH-DSS-AES256-SHA
>> DH-RSA-AES256-SHA
>> DHE-DSS-AES256-SHA
>> DHE-RSA-AES256-SHA
>> ADH-AES256-SHA
>> AES-256-CBC
>> AES(256)
>
> Those strings are just SSL ciphersuites, using a 256 bit AES key
> together with an ordinary 160 bit SHA-1. Obviously, EVP_sha256() was not
> compiled in.
>
> But since you have EVP_sha256() in the cited header, you can check the
> header along with openssl's makefile on how to pull it in.


Replying to my own comment:

openssl creates 2 libraries: libssl and libcrypto. The first one
implements the ssl/tls protocol, the latter one the various crypto
algorithms. Since dkim just needs some crypto algorithms for creating
and verifying signatures, I'd expect it to pull them out of libcrypto.
libssl is not interesting in this context. So you should rather check
your libcrypto for the EVP_sha256 symbol.


Patrick