On Fri, 2008-12-19 at 10:56 +0100, xPostings wrote: > > > compiled zlib: > > > ./configure > > > make > > > make install > > > > What's your prefix here? It'd probably default to /usr/local > > default prefix is /usr/local (compiled library will be in /usr/local/lib and include files are in /usr/local/include) > > > > compiled openssl 0.9.8i: > > > ./config no-zlib shared > > > make > > > make install > > > > Again, what's the prefix? And, specifying 'shared' will build the > > *.so libraries which are then picked up by the Apache build system. > > default prefix is /usr/local/ssl > If I do not use "shared" the ./configure of apache fails. To compile mod_ssl statically into httpd can't be done without having compiled the shared libs of openssl. > > > > > > > compiled apache httpd: > > > ./buildconf > > > ./configure --prefix=/usr/local/apache2.2.11 \ > > > --enable-static-support \ > > > --with-mpm=worker \ > > > --enable-mods-shared=all \ > > > --enable-so \ > > > --enable-deflate=static \ > > > --with-z=/usr/local/lib \ > > > > Usually, you point to the top of the zlib installation which > > would be / > > usr/local, under which the compiler finds the include/headers > > and the > > linker finds the lib/libraries. > > You're right, that was a mistake, I recompiled with --with-z=/usr/local, but the result is the same. > > > > > --enable-ssl=static \ > > > --with-ssl=/usr/local/ssl \ > > > > This must match your prefix above, or the default. > > that's correct. > > > > > > --enable-rewrite=static \ > > > --enable-auth-basic=static \ > > > --enable-authn-file=static \ > > > --enable-authz-user=static \ > > > --enable-authz-groupfile=static \ > > > --enable-authz-host=static \ > > > --enable-expires=static \ > > > --enable-headers=static > > > > > > If I look to the depencies with ldd there is a dynamically linked > > > libz and libssl: > > > > > > linux-gate.so.1 => (0xffffe000) > > > libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 > > > (0xb7eb9000) > > > libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 > > > (0xb7d7e000) > > > > That's your system installation of openssl 0.9.8*. Two things may > > have happened: > > > > 1) You linked against the .so shared libraries in your installation, > > but at runtime you're picking up the system copy. It seems that > > embedding the hard path to the shared libraries in the > > calling binary > > doesn't work too well on Linnicks. This can be remedied by adding / > > usr/local/ssl/lib (or whatever, see the discussion on prefix > > above) to > > the LD_LIBRARY_PATH environment variable when you start > > Apache. This > > can be done in the script that starts the server, or on the command > > line for testing. > > We do use the compiled versions of httpd on other machines (production), that's the reason we do not wan't to have dynamic linked binaries. It was never necessary to modify LD_LIBRARY_PATH before because everything httpd needs (zlib and ssl) should be compiled into httpd. > > > > > 2) The System openssl was found in favor of yours when configuring. > > This should not happen. Study your ./configure output where > > it tries > > to find the proper openssl library and see what exactly happens there. > > > The output of ./configure seems to be correct: > > checking for SSL/TLS toolkit base... /usr/local/ssl > adding "-I/usr/local/ssl/include" to CPPFLAGS > adding "-I/usr/local/ssl/include" to INCLUDES > adding "-L/usr/local/ssl/lib" to LDFLAGS > checking for OpenSSL version... checking openssl/opensslv.h usability... yes > checking openssl/opensslv.h presence... yes > checking for openssl/opensslv.h... yes > checking openssl/ssl.h usability... yes > checking openssl/ssl.h presence... yes > checking for openssl/ssl.h... yes > OK > forcing SSL_LIBS to "-lssl -lcrypto -lrt -lcrypt -lpthread -ldl" > adding "-lssl" to LIBS > adding "-lcrypto" to LIBS > adding "-lrt" to LIBS > adding "-lcrypt" to LIBS > adding "-lpthread" to LIBS > adding "-ldl" to LIBS > checking openssl/engine.h usability... yes > checking openssl/engine.h presence... yes > checking for openssl/engine.h... yes > checking for SSLeay_version... yes > checking for SSL_CTX_new... yes > checking for ENGINE_init... yes > checking for ENGINE_load_builtin_engines... yes > checking for SSL_set_cert_store... no > forcing MOD_SSL_LDADD to "$(SSL_LIBS)" > checking whether Distcache is required... no (default) > checking whether to enable mod_ssl... yes > adding "-I$(top_srcdir)/modules/ssl" to INCLUDES > > > > > > > > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000) > > > libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/ > > > libaprutil-1.so.0 (0xb7d3d000) > > > libexpat.so.0 => /usr/local/apache2.2.11/lib/libexpat.so.0 > > > (0xb7d21000) > > > libapr-1.so.0 => /usr/local/apache2.2.11/lib/libapr-1.so.0 > > > (0xb7cfc000) > > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000) > > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 > > (0xb7cc4000) > > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 > > > (0xb7cb2000) > > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000) > > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000) > > > libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000) > > > > Again, that's the system copy. Same story, plus it may not > > have found > > yours because your parameter was off. Again, see your ./configure > > output. > > Output seems to be correct: > checking whether to enable mod_deflate... checking dependencies > adding "-I/usr/local/include" to INCLUDES > adding "-L/usr/local/lib" to LDFLAGS > adding "-lz" to LIBS > checking for zlib library... found > forcing MOD_DEFLATE_LDADD to "-lz" > removed "-lz" from LIBS > checking whether to enable mod_deflate... yes > > > > > > > > > /lib/ld-linux.so.2 (0xb7efe000) > > > > > > What's going wrong? libssl and libz shouldn't be linked > > dynamically. > > > With httpd 2.2.3 and the same configuration I haven't had these > > > problems. ldd from the old 2.2.3 shows following depencies: > > > > > > linux-gate.so.1 => (0xffffe000) > > > libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000) > > > libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/ > > > libaprutil-1.so.0 (0xb7ec9000) > > > libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0 > > > (0xb7eac000) > > > libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0 > > > (0xb7e8a000) > > > librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000) > > > libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 > > (0xb7e53000) > > > libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 > > > (0xb7e40000) > > > libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000) > > > libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000) > > > /lib/ld-linux.so.2 (0xb7f0a000) > > > > No openssl libraries linked to this one. Are you sure they weren't > > just linked into mod_ssl.so? > > I'm pretty sure, in this case there's no mod_ssl.so because it's compiled into httpd, > > cheers > mike > configure just builds up the list of locations where to find libraries that have the features it needs. So, you tell it SSL is in /usr/local/ssl, it goes away and looks there and says "you're right, theres SSL libraries there, adding /usr/local/ssl/lib to LDPATH, /usr/local/ssl/include to CFLAGS". When it comes to build/link the components though, it has no idea that it is supposed to be using the SSL libraries from /usr/local/ssl, just that it has a list of folders which it CAN use. It searches them in order, looking for a library that works in the manner required. Once the linker has found a suitable library, it links it in. Your problem is that your system SSL libraries are picked up before your custom built ones are found. A simple way to fix this is to modify the makefile rules for those modules, to remove the dynamic linking statements and add some dirty static linking. Eg, I just grabbed 2.2.11, ran ./configure \ --prefix=/tmp/foobar \ --enable-so \ --enable-mods-shared="ssl deflate" built and installed it. This gave me an httpd binary and module files linked like so (this is FreeBSD, so YMMV): bin/httpd: libm.so.5 => /lib/libm.so.5 (0x280f3000) libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3 (0x28108000) libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000) libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000) libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000) libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000) libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000) libthr.so.3 => /lib/libthr.so.3 (0x2834a000) libc.so.7 => /lib/libc.so.7 (0x2835d000) modules/mod_deflate.so: libz.so.4 => /lib/libz.so.4 (0x28187000) libc.so.7 => /lib/libc.so.7 (0x28080000) modules/mod_ssl.so: libssl.so.5 => /usr/lib/libssl.so.5 (0x281ac000) libcrypto.so.5 => /lib/libcrypto.so.5 (0x281ed000) libcrypt.so.4 => /lib/libcrypt.so.4 (0x28347000) libthr.so.3 => /lib/libthr.so.3 (0x28360000) libc.so.7 => /lib/libc.so.7 (0x28080000) I dont want to use dynamic libz in mod_deflate, and I dont want to use dynamic libssl in mod_ssl. I therefore edit (from apache top build directory) build/config_vars.mk and make these changes: --- build/config_vars.mk.orig +++ build/config_vars.mk @@ -50,5 +50,5 @@ MOD_INCLUDE_LDADD = MOD_FILTER_LDADD = -MOD_DEFLATE_LDADD = -lz +MOD_DEFLATE_LDADD = /usr/lib/libz.a MOD_LOG_CONFIG_LDADD = MOD_ENV_LDADD = @@ -60,5 +60,5 @@ MOD_PROXY_AJP_LDADD = MOD_PROXY_BALANCER_LDADD = -SSL_LIBS = -lssl -lcrypto -lcrypt -lpthread +SSL_LIBS = /usr/lib/libssl.a -lcrypto -lcrypt -lpthread MOD_SSL_LDADD = $(SSL_LIBS) -export-symbols-regex ssl_module MPM_NAME = prefork and clean, rebuild and reinstall (make clean all && make install). You should get warnings about this not being portable - and it isnt. These binaries probably wont run on differently setup boxes. This then gives me the modules built like so: bin/httpd: libm.so.5 => /lib/libm.so.5 (0x280f3000) libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3 (0x28108000) libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000) libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000) libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000) libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000) libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000) libthr.so.3 => /lib/libthr.so.3 (0x2834a000) libc.so.7 => /lib/libc.so.7 (0x2835d000) modules/mod_deflate.so: libc.so.7 => /lib/libc.so.7 (0x28080000) modules/mod_ssl.so: libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e2000) libcrypt.so.4 => /lib/libcrypt.so.4 (0x2833c000) libthr.so.3 => /lib/libthr.so.3 (0x28355000) libc.so.7 => /lib/libc.so.7 (0x28080000) HTH Tom --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx