Paul Philippov

home is where ~/ is

MovableType OpenID issue, resolved

Today, my lovely wife found her weblog does not accept OpenID authorization anymore, and so runs out of comments. I believe that’s a result of upgrade to yet another “latest, bug fixed, and more secure (of course)” version of MovableType. I can’t say which exact update made the OpenID stuff broken because I had to update several blogs several times lately. Anyway, I found that recent MT-4.21 fails to authorize one through OpenID URI. I tried my Yahoo! OpenID, and one from Blogger, but both failed. The best I got is the message on a plain dull web page: An error occurred: The sign-in attempt was not successful; please try again.

If you are reading this googled page looking to solve the same problem you’re facing on your own blog, then that’s the right place. Most probably your server does not have a necessary perl encryption module installed. If you have got a shell access to your server account then you’re half done (if you have not then complain to your hosting support service and they should install everything for you). Ok, with the shell access login to your account and install perl module Crypt::SSLeay either from CPAN repository or from an official repository for your distro. To go with CPAN, you have to fire following command in shell:

$ cpan Crypt::SSLeay

Read output from the installation script. If it says everything is OK then you are a lucky. Open a web browser and try to authorize on your blog with an OpenID. Bet it will work for you this time. But if you are as lucky as me, running a custom configured server, or just has a bad karma, then you will end up with the error:

CPAN.pm: Going to build D/DL/DLAND/Crypt-SSLeay-0.57.tar.gz

=======================================================
Only one OpenSSL installation found at /usr/local/ssl
Consider running 'perl Makefile.PL --default' the next
time Crypt::SSLeay is upgraded to select this directory
automatically thereby avoiding the following prompt.
=======================================================
Which SSL install path do you want to use? [/usr/local/ssl]

BUILD INFORMATION
================================================
ssl library: OpenSSL 0.9.8 in /usr/local/ssl
ssl header:  openssl/ssl.h
libraries:   -L/usr/local/ssl/lib -lssl -lcrypto -lgcc
include dir: -I/usr/local/ssl/include/openssl
================================================

...
In file included from SSLeay.xs:25:
crypt_ssleay_version.h:1:25: error: openssl/ssl.h: No such file or directory
crypt_ssleay_version.h:2:28: error: openssl/crypto.h: No such file or directory
crypt_ssleay_version.h:3:25: error: openssl/err.h: No such file or directory
crypt_ssleay_version.h:4:26: error: openssl/rand.h: No such file or directory
crypt_ssleay_version.h:5:28: error: openssl/pkcs12.h: No such file or directory
SSLeay.xs:43: warning: type defaults to 'int' in declaration of 'SSL'
... a lot of warnings thrown by SSLeay.c following

I don’t know what made Makefile.PL to configure Makefile this way, but the file is wrong. Note the include dir: -I/usr/local/ssl/include/openssl it should not have openssl part in there. Because SSLeay.xs already includes files out of openssl/ directory. Having that chunk in path is redundant and leads to the error we got above.

I have absolutely no desire to dig perl code of Makefile.PL even that little. Instead I’ll show you how to fix Makefile itself. Go to the directory where the failed package extracted:

$ cd ~/.cpan/build/Crypt-SSLeay-0.57

Open Makefile file with your prefered text editor and change INC = -I/usr/local/ssl/include/openssl to read like INC = -I/usr/local/ssl/include. Or even better you could do it UNIX way, running following command in command prompt:

$ sed -i 's!include/openssl!include!' Makefile

after that run make && make install and test result in a web browser. Worked for me, should work for you.

Please note, exact paths may differ on your system. Put it this way: now you’ve got the idea how to fix it, and you only have to find where =) Good luck with hacking!