Re: Compile apache 2.2.26 with openssl1.0.1e failing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 






On Sun, Dec 1, 2013 at 2:29 AM, Jeff Trawick <trawick@xxxxxxxxx> wrote:
On Sat, Nov 30, 2013 at 4:20 AM, Igor Cicimov <icicimov@xxxxxxxxx> wrote:
Hi all,

Im trying to build apache2.2.26 on CentOS5.10 final x86_64, linked to openssl1.0.1e which is also compiled and installed from source under /usr/loca/lib64:

$ ls -l /usr/local/lib64/
total 7060
drwxr-xr-x 2 root root    4096 Nov 30 18:50 engines
-rw-r--r-- 1 root root 3858348 Nov 30 18:50 libcrypto.a
lrwxrwxrwx 1 root root      18 Nov 30 18:50 libcrypto.so -> libcrypto.so.1.0.0
-r-xr-xr-x 1 root root 2145661 Nov 30 18:50 libcrypto.so.1.0.0
-rw-r--r-- 1 root root  729426 Nov 30 18:50 libssl.a
lrwxrwxrwx 1 root root      15 Nov 30 18:50 libssl.so -> libssl.so.1.0.0
-r-xr-xr-x 1 root root  463549 Nov 30 18:50 libssl.so.1.0.0
drwxr-xr-x 2 root root    4096 Nov 30 01:21 pkgconfig

I've used the following process to compile openssl1.0.1e:

$ ./Configure --prefix=/usr/local --openssldir=/usr/local/openssl enable-tlsext linux-x86_64 threads zlib enable-idea enable-rc5 enable-mdc2 enable-ec shared
$ make depend
$ make
$ sudo make install

$ openssl version
OpenSSL 1.0.1e 11 Feb 2013

$ openssl s_client -connect smtp.gmail.com:25 -starttls smtp | grep Protocol
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
250 CHUNKING
    Protocol  : TLSv1.2

$ openssl s_client -connect gmail.com:443 | grep Protocol
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
    Protocol  : TLSv1.2

So as expected the client gets to use the TLSv1.2 protocol. I guess that means (maybe) openssl is good to go ...

The relevant part of my apache configure command:

$ ./configure LDFLAGS="-L/usr/local/lib64" --enable-ssl=shared --with-ssl=/usr/local/lib64 .....

with double attempt to point apache to the openssl libraries, but make is failing with following error:

/home/igor.cicimov/httpd-2.2.26/srclib/apr/libtool --silent --mode=link gcc -g -O2 -pthread     -L/usr/lib64 -L/usr/local/lib64/lib -L/usr/kerberos/lib64  -L/usr/local/lib64 -o ab  ab.lo   -lm /home/igor.cicimov/httpd-2.2.26/srclib/pcre/libpcre.la /home/igor.cicimov/httpd-2.2.26/srclib/apr-util/libaprutil-1.la /home/igor.cicimov/httpd-2.2.26/srclib/apr-util/xml/expat/libexpat.la /home/igor.cicimov/httpd-2.2.26/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lssl -lcrypto -ldl -lz
.libs/ab.o: In function `main':
/home/igor.cicimov/httpd-2.2.26/support/ab.c:2241: undefined reference to `TLSv1_2_client_method'
/home/igor.cicimov/httpd-2.2.26/support/ab.c:2239: undefined reference to `TLSv1_1_client_method'
collect2: ld returned 1 exit status
make[2]: *** [ab] Error 1
make[2]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/igor.cicimov/httpd-2.2.26/support'
make: *** [all-recursive] Error 1

This is not my first time I compile apache and openssl and have never seen this error about apache tools. What am I missing here? Any thoughts?

I guess it is because of the order of the system library and your local library dir in the linker search path:

libtool --mode=link ... -L/usr/lib64 -L/usr/local/lib64/lib ...
 
Yeah but that kinda beats the purpose of "--with-ssl" switch when compiling apache. This should tell apache to look for the openssl libraries in that directory and nowhere else otherwise how are we going to be able to build apache against specific openssl version on systems that have multiple versions of it installed?

Something is definitely wrong here, either apache does not behave as expected during compile time or I'm totally mistaken about the use of the  "--with-ssl" option.

Cheers,
Igor


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux