RE: Help Please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 Vince/Igor,
 
I fixed my config.nice problem.
make and make install are went well.
Now,My apache is running in the FIPS mode.
 
The problem was a file called /usr/bin/pkg-config  and I moved it to /usr/bin/pkg-config.backup and I ran the /usr/local/apache/build/config.nice under /var/tmp/httpd-2.2.25 and it was went well.
 
I do not know the exact problem,If pkg-config was there under /usr/bin.
 
Seems,/usr/bin/pkg-config was setting up the SSL_LIBS with few libs information and I moved /usr/bin/pkg-config to backup folder,after that config.nice was setting up the SSL_LIBS with correct information and config.nice was happy with my openssl-1.0.1e fips libs.
 
Here is the log information;
--------------------------------------------------------------------------------------------------------------------------------------------------------

[Sat Dec 14 10:25:50 2013] [notice] Operating in SSL FIPS mode

[Sat Dec 14 10:25:51 2013] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]

[Sat Dec 14 10:25:53 2013] [notice] Digest: generating secret for digest authentication ...

[Sat Dec 14 10:25:53 2013] [notice] Digest: done

[Sat Dec 14 10:25:53 2013] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?

[Sat Dec 14 10:25:53 2013] [notice] Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e-fips configured -- resuming normal operations

---------------------------------------------------------------------------------------------------------------------------------------------------

 

So,Guys,Thanks for all your help.

 

Please let me know,If You have any questions or concerns.

 

Thanks,

Srinivas

 

 

 

 

 

 

 




 


Srinivasa Rao Katta(System Administrator),
skatta33@xxxxxxxxxxx,
 


 

From: skatta33@xxxxxxxxxxx
To: icicimov@xxxxxxxxx
Subject: RE: Help Please
Date: Fri, 6 Dec 2013 13:10:33 -0500

Igor,
 
Here is the information regarding How I build the openssl 1.0.1e for fips compatible;
 
1.
openssl-fips-ecp-2.0.3.tar.gz




 
 
 
 
 
  # cd /var/tmp/openssl-fips-2.0.3

  #./config
  #make
  #make install

Note:make install  created a folder called fips-2.0 under /usr/local/ssl
 
2.
Now,I compiled  openssl-1.0.1e  with fips option as like as follows;
 
.Copied openssl source compressed tar file(openssl-1.0.1e.tar.gz) on to /var/tmp,
.Uncompressed and Untar the above file under /var/tmp,
.Changed directory to /var/tmp/openssl-1.0.1e,
.I run the following cmds as a user root;
 
 #cd  /var/tmp/openssl-1.0.1e
 #./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ no-ec2m
 #make
 #make install

Note: Make install copied the all the openssl files to under /usr/local/ssl,
I checked the openssl version like as follows;
 
 #cd /usr/local/ssl
 #cd bin
 #./openssl
 
 OpenSSL>version
 OpenSSL 1.0.1e-fips 11 Feb 2013
 OpenSSL>exit
 #
---------------------------------------------------------------------------------------------
Note:
 
I compiled above fips and openssl using gcc-4.7.2 compiler.
 
Please let me know,If You have any questions or concerns.
 
Thanks,
Srinivas

 


Srinivasa Rao Katta(System Administrator),
skatta33@xxxxxxxxxxx,
 


 

From: skatta33@xxxxxxxxxxx
To: icicimov@xxxxxxxxx
Subject: RE: Help Please
Date: Fri, 6 Dec 2013 06:01:27 -0500

Igor,
 
Thanks for the response to my email.
 
I will give you all the information,When I go to office today.
 
Thanks,
Srinivas




Srinivasa Rao Katta(System Administrator),
skatta33@xxxxxxxxxxx,
 


 

Date: Fri, 6 Dec 2013 09:00:01 +1100
Subject: Re: Help Please
From: icicimov@xxxxxxxxx
To: skatta33@xxxxxxxxxxx

How did you install openssl-1.0.1e? Obviously apache is not happy about something there.

On 06/12/2013 8:42 AM, "Srinivasa Rao Katta" <skatta33@xxxxxxxxxxx> wrote:
Hi Igor,
 
I need your help for to fix my config.nice problem.
 
Here is my system information;
 
SunOS 5.10 Generic_150400-03 sun4v sparc sun4v
 
Apache version 2.2.25
 
Openssl
-----------
 #> /usr/local/ssl/bin/openssl
OpenSSL> version
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL>

# cd /usr/local/ssl/lib
 #> ls -la
total 8218
drwx------   4 root     root           6 Dec  4 18:31 .
drwx------  10 root     root          11 Dec  4 18:31 ..
drwx------   2 root     root           2 Dec  4 18:31 engines
-rw-r--r--   1 root     root     3507800 Dec  4 18:31 libcrypto.a
-rw-r--r--   1 root     root      544216 Dec  4 18:31 libssl.a
drwx------   2 root     root           5 Dec  4 18:31 pkgconfig
 #
 
gcc
----
 # gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/local/gcc4/libexec/gcc/sparc-sun-solaris2.10/4.7.2/lto-wrapper
Target: sparc-sun-solaris2.10
Configured with: ../configure --without-gnu-as --with-as=/usr/ccs/bin/as --without-gnu-ld --with-ld=/usr/ccs/bin/ld --enable-shared --enable-languages=c,c++,fortran,objc --prefix=/usr/local/gcc4
Thread model: posix
gcc version 4.7.2 (GCC)
 #>
 
Here is /usr/local/apache/build/config.nice information;
 
#! /bin/sh
#
# Created by configure
"./configure" \
"--prefix=/usr/local/apache" \
"--enable-mime-magic" \
"--enable-info" \
"--enable-imagemap" \
"--enable-speling" \
"--enable-rewrite" \
"--enable-authz-host" \
"--enable-authn-anon" \
"--enable-authn-dbm" \
"--enable-auth-digest" \
"--enable-cern-meta" \
"--enable-expires" \
"--enable-headers" \
"--enable-unique_id" \
"--enable-so" \
"--enable-ssl" \
"--with-ssl=/usr/local/ssl" \
"$@"
 #>
 
I was getting following error,When I run config.nice;
 
#/usr/local/apache/build/config.nice
--------------------------------------------------------------------------------------

checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
  adding "-I/usr/local/ssl/include" to CPPFLAGS
  adding "-I/usr/local/ssl/include" to INCLUDES
  adding "-L/usr/local/ssl/lib" to LDFLAGS
  adding "-R/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
  forcing SSL_LIBS to "-lssl -lcrypto  "
  adding "-lssl" to LIBS
  adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... no
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable
 #>
----------------------------------------------------------------------------------------------------
Note:I was getting following error,When I run the /usr/local/apache/build/config.nice;
 
configure: error: ... Error, SSL/TLS libraries were missing or unusable
 
Note:When I copy following openssl 1.0.1c libs to /usr/local/lib,config.nice was running fine and make and make install was running fine;
 
 #> ls -la
total 13872
drwx------   2 root     root           8 Dec  4 17:40 .
drwxr-xr-x  10 bin      bin          109 Dec  5 15:18 ..
-rwx------   1 root     root     1882678 Dec  4 17:07 libcrypto.so
-rwx------   1 root     root     1632892 Dec  4 17:11 libcrypto.so.0.9.8
-rwx------   1 root     root     1882678 Dec  4 17:11 libcrypto.so.1.0.0
-rwx------   1 root     root      409381 Dec  4 17:08 libssl.so
-rwx------   1 root     root      302436 Dec  4 17:11 libssl.so.0.9.8
-rwx------   1 root     root      409381 Dec  4 17:11 libssl.so.1.0.0
 #>
 
I was getting following output,After done make install,if I used above libs under /usr/local/lib;
 
[notice] Apache/2.2.25(Unix) mod_ssl/2.2.25 OpenSSL/1.0.1c configured -- resuming normal operations
 
I want to compile the apache 2.2.25 for FIPS compatability.So,As per Google,I was used following varaiables on the server before run the config.nice;
 
export CC=/usr/local/ssl/fips-2.0/bin/fipsld
 export FIPSLD_CC=gcc 
export LTFLAGS=--tag=CC
 
Please advice me How I can fix following config.nice running problem;
--------------------------------------------------------------------------------------------
configure: error: ... Error, SSL/TLS libraries were missing or unusable
-------------------------------------------------------------------------------------------
 
Please find attached config.log file,Which is broken.
 
I was done config.nice and make and make install on other Solaris zone without any problem;
 
Please find attached config.log for working server.
 
Please let me know,If You have any questions or concerns.
 
Please take your own time.
 
Thanks,
Srinivas
 
 
 
 
 
 
 
 
 


 

Srinivasa Rao Katta(System Administrator),
skatta33@xxxxxxxxxxx,
 


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux