Vince/Igor,
I fixed my config.nice problem.
make and make install are went well.
Now,My apache is running in the FIPS mode.
The problem was a file called /usr/bin/pkg-config and I moved it to /usr/bin/pkg-config.backup and I ran the /usr/local/apache/build/config.nice under /var/tmp/httpd-2.2.25 and it was went well.
I do not know the exact problem,If pkg-config was there under /usr/bin.
Seems,/usr/bin/pkg-config was setting up the SSL_LIBS with few libs information and I moved /usr/bin/pkg-config to backup folder,after that config.nice was setting up the SSL_LIBS with correct information and config.nice was happy with my openssl-1.0.1e fips libs.
Here is the log information;
--------------------------------------------------------------------------------------------------------------------------------------------------------
From: skatta33@xxxxxxxxxxx
To: icicimov@xxxxxxxxx
Subject: RE: Help Please
Date: Fri, 6 Dec 2013 13:10:33 -0500
I fixed my config.nice problem.
make and make install are went well.
Now,My apache is running in the FIPS mode.
The problem was a file called /usr/bin/pkg-config and I moved it to /usr/bin/pkg-config.backup and I ran the /usr/local/apache/build/config.nice under /var/tmp/httpd-2.2.25 and it was went well.
I do not know the exact problem,If pkg-config was there under /usr/bin.
Seems,/usr/bin/pkg-config was setting up the SSL_LIBS with few libs information and I moved /usr/bin/pkg-config to backup folder,after that config.nice was setting up the SSL_LIBS with correct information and config.nice was happy with my openssl-1.0.1e fips libs.
Here is the log information;
--------------------------------------------------------------------------------------------------------------------------------------------------------
[Sat Dec 14 10:25:50 2013] [notice] Operating in SSL FIPS mode
[Sat Dec 14 10:25:51 2013] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Sat Dec 14 10:25:53 2013] [notice] Digest: generating secret for digest authentication ...
[Sat Dec 14 10:25:53 2013] [notice] Digest: done
[Sat Dec 14 10:25:53 2013] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Sat Dec 14 10:25:53 2013] [notice] Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e-fips configured -- resuming normal operations
---------------------------------------------------------------------------------------------------------------------------------------------------
So,Guys,Thanks for all your help.
Please let me know,If You have any questions or concerns.
Thanks,
Srinivas
From: skatta33@xxxxxxxxxxx
To: icicimov@xxxxxxxxx
Subject: RE: Help Please
Date: Fri, 6 Dec 2013 13:10:33 -0500
Igor,
Here is the information regarding How I build the openssl 1.0.1e for fips compatible;
1.
openssl-fips-ecp-2.0.3.tar.gz
# cd /var/tmp/openssl-fips-2.0.3
#./config
#make
#make install
Note:make install created a folder called fips-2.0 under /usr/local/ssl
2.
Now,I compiled openssl-1.0.1e with fips option as like as follows;
.Copied openssl source compressed tar file(openssl-1.0.1e.tar.gz) on to /var/tmp,
.Uncompressed and Untar the above file under /var/tmp,
.Changed directory to /var/tmp/openssl-1.0.1e,
.I run the following cmds as a user root;
#cd /var/tmp/openssl-1.0.1e
#./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ no-ec2m
#make
#make install
Note: Make install copied the all the openssl files to under /usr/local/ssl,
I checked the openssl version like as follows;
#cd /usr/local/ssl
#cd bin
#./openssl
OpenSSL>version
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL>exit
#
---------------------------------------------------------------------------------------------
Note:
I compiled above fips and openssl using gcc-4.7.2 compiler.
Please let me know,If You have any questions or concerns.
Thanks,
Srinivas
From: skatta33@xxxxxxxxxxx
To: icicimov@xxxxxxxxx
Subject: RE: Help Please
Date: Fri, 6 Dec 2013 06:01:27 -0500
Here is the information regarding How I build the openssl 1.0.1e for fips compatible;
1.
openssl-fips-ecp-2.0.3.tar.gz
# cd /var/tmp/openssl-fips-2.0.3
#./config
#make
#make install
Note:make install created a folder called fips-2.0 under /usr/local/ssl
2.
Now,I compiled openssl-1.0.1e with fips option as like as follows;
.Copied openssl source compressed tar file(openssl-1.0.1e.tar.gz) on to /var/tmp,
.Uncompressed and Untar the above file under /var/tmp,
.Changed directory to /var/tmp/openssl-1.0.1e,
.I run the following cmds as a user root;
#cd /var/tmp/openssl-1.0.1e
#./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ no-ec2m
#make
#make install
Note: Make install copied the all the openssl files to under /usr/local/ssl,
I checked the openssl version like as follows;
#cd /usr/local/ssl
#cd bin
#./openssl
OpenSSL>version
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL>exit
#
---------------------------------------------------------------------------------------------
Note:
I compiled above fips and openssl using gcc-4.7.2 compiler.
Please let me know,If You have any questions or concerns.
Thanks,
Srinivas
From: skatta33@xxxxxxxxxxx
To: icicimov@xxxxxxxxx
Subject: RE: Help Please
Date: Fri, 6 Dec 2013 06:01:27 -0500
Igor,
Thanks for the response to my email.
I will give you all the information,When I go to office today.
Thanks,
Srinivas
Date: Fri, 6 Dec 2013 09:00:01 +1100
Subject: Re: Help Please
From: icicimov@xxxxxxxxx
To: skatta33@xxxxxxxxxxx
Thanks for the response to my email.
I will give you all the information,When I go to office today.
Thanks,
Srinivas
Date: Fri, 6 Dec 2013 09:00:01 +1100
Subject: Re: Help Please
From: icicimov@xxxxxxxxx
To: skatta33@xxxxxxxxxxx
How did you install openssl-1.0.1e? Obviously apache is not happy about something there.
On 06/12/2013 8:42 AM, "Srinivasa Rao Katta" <skatta33@xxxxxxxxxxx> wrote:
Hi Igor,
I need your help for to fix my config.nice problem.
Here is my system information;
SunOS 5.10 Generic_150400-03 sun4v sparc sun4v
Apache version 2.2.25
Openssl
-----------
#> /usr/local/ssl/bin/openssl
OpenSSL> version
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL>
# cd /usr/local/ssl/lib
#> ls -la
total 8218
drwx------ 4 root root 6 Dec 4 18:31 .
drwx------ 10 root root 11 Dec 4 18:31 ..
drwx------ 2 root root 2 Dec 4 18:31 engines
-rw-r--r-- 1 root root 3507800 Dec 4 18:31 libcrypto.a
-rw-r--r-- 1 root root 544216 Dec 4 18:31 libssl.a
drwx------ 2 root root 5 Dec 4 18:31 pkgconfig
#
gcc
----
# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/local/gcc4/libexec/gcc/sparc-sun-solaris2.10/4.7.2/lto-wrapper
Target: sparc-sun-solaris2.10
Configured with: ../configure --without-gnu-as --with-as=/usr/ccs/bin/as --without-gnu-ld --with-ld=/usr/ccs/bin/ld --enable-shared --enable-languages=c,c++,fortran,objc --prefix=/usr/local/gcc4
Thread model: posix
gcc version 4.7.2 (GCC)
#>
Here is /usr/local/apache/build/config.nice information;
#! /bin/sh
#
# Created by configure
"./configure" \
"--prefix=/usr/local/apache" \
"--enable-mime-magic" \
"--enable-info" \
"--enable-imagemap" \
"--enable-speling" \
"--enable-rewrite" \
"--enable-authz-host" \
"--enable-authn-anon" \
"--enable-authn-dbm" \
"--enable-auth-digest" \
"--enable-cern-meta" \
"--enable-expires" \
"--enable-headers" \
"--enable-unique_id" \
"--enable-so" \
"--enable-ssl" \
"--with-ssl=/usr/local/ssl" \
"$@"
#>
I was getting following error,When I run config.nice;
#/usr/local/apache/build/config.nice
--------------------------------------------------------------------------------------
checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
adding "-R/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto "
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... no
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable
#>
----------------------------------------------------------------------------------------------------
Note:I was getting following error,When I run the /usr/local/apache/build/config.nice;
configure: error: ... Error, SSL/TLS libraries were missing or unusable
Note:When I copy following openssl 1.0.1c libs to /usr/local/lib,config.nice was running fine and make and make install was running fine;
#> ls -la
total 13872
drwx------ 2 root root 8 Dec 4 17:40 .
drwxr-xr-x 10 bin bin 109 Dec 5 15:18 ..
-rwx------ 1 root root 1882678 Dec 4 17:07 libcrypto.so
-rwx------ 1 root root 1632892 Dec 4 17:11 libcrypto.so.0.9.8
-rwx------ 1 root root 1882678 Dec 4 17:11 libcrypto.so.1.0.0
-rwx------ 1 root root 409381 Dec 4 17:08 libssl.so
-rwx------ 1 root root 302436 Dec 4 17:11 libssl.so.0.9.8
-rwx------ 1 root root 409381 Dec 4 17:11 libssl.so.1.0.0
#>
I was getting following output,After done make install,if I used above libs under /usr/local/lib;
[notice] Apache/2.2.25(Unix) mod_ssl/2.2.25 OpenSSL/1.0.1c configured -- resuming normal operations
I want to compile the apache 2.2.25 for FIPS compatability.So,As per Google,I was used following varaiables on the server before run the config.nice;
export CC=/usr/local/ssl/fips-2.0/bin/fipsld
export FIPSLD_CC=gcc
export LTFLAGS=--tag=CC
Please advice me How I can fix following config.nice running problem;
--------------------------------------------------------------------------------------------
configure: error: ... Error, SSL/TLS libraries were missing or unusable
-------------------------------------------------------------------------------------------
Please find attached config.log file,Which is broken.
I was done config.nice and make and make install on other Solaris zone without any problem;
Please find attached config.log for working server.
Please let me know,If You have any questions or concerns.
Please take your own time.
Thanks,
Srinivas
