Example ... Using openssh-SNAP-20140822.tar.gz ... on Centos 2.1 .. $ openssl version OpenSSL 0.9.6b [engine] 9 Jul 2001 $ ./configure ... checking OpenSSL header version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) checking whether OpenSSL's headers match the library... yes checking if programs using OpenSSL functions will link... yes checking whether OpenSSL has crippled AES support... yes checking whether OpenSSL has AES CTR via EVP... no checking whether OpenSSL has AES GCM via EVP... no checking whether OpenSSL has NID_X9_62_prime256v1... no checking whether OpenSSL has NID_secp384r1... no checking whether OpenSSL has NID_secp521r1... no checking whether OpenSSL's PRNG is internally seeded... yes ... Host: i686-pc-linux-gnu Compiler: gcc Compiler flags: -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -fno-builtin-memset -std=gnu99 Preprocessor flags: Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack Libraries: -lresolv -lcrypto -lrt -ldl -lutil -lz -lnsl -lcrypt $ gmake ... gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -fno-builtin-memset -std=gnu99 -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c openssl-compat.c In file included from openssl-compat.c:32: openssl-compat.h:28:2: #error OpenSSL 0.9.8f or greater is required gmake[1]: *** [openssl-compat.o] Error 1 gmake[1]: Leaving directory `/usr/src/openssh/openbsd-compat' gmake: *** [openbsd-compat/libopenbsd-compat.a] Error 2 This happens on all the Red Hat based systems where openssl < 1.0.0-fips On Wed, Aug 20, 2014 at 5:47 PM, Damien Miller <djm@xxxxxxxxxxx> wrote: > On Wed, 20 Aug 2014, Kevin Brott wrote: > > > FAIL*1 - configure completes without errors ... > > make[1]: Entering directory `/usr/src/openssh/openbsd-compat' > > gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare > > -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 > > -fno-builtin-memset -std=gnu99 -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c > > openssl-compat.c > > In file included from openssl-compat.c:32: > > openssl-compat.h:28:2: #error OpenSSL 0.9.8f or greater is required > > that's strange - you aren't cross-compiling? The test in configure.ac > won't work for x-compiles. > > If not, what does configure report your OpenSSL version as? e.g. > > checking OpenSSL header version... 1000106f (OpenSSL 1.0.1f 6 Jan 2014) > checking OpenSSL library version... 1000106f (OpenSSL 1.0.1f 6 Jan 2014) > > > make[1]: Leaving directory `/usr/src/openssh/openbsd-compat' > > make: *** [openbsd-compat/libopenbsd-compat.a] Error 2 > > > > FAIL*2 - port-aix.c still fails to compile on RHEL and AIX where ec.h > isn't > > part of openssl ... > > gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare > > -Wformat-security -Wno-pointer-sign -fno-strict-aliasing > -D_FORTIFY_SOURCE=2 > > -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE -I. -I.. -I. > > -I./.. -DHAVE_CONFIG_H -c port-aix.c > > In file included from port-aix.c:31: > > ../key.h:85: warning: type defaults to ?int? in declaration of > ?EC_GROUP? > > ../key.h:85: error: expected ?;?, ?,? or ?)? before ?*? token > > ../key.h:86: warning: type defaults to ?int? in declaration of > ?EC_KEY? > > ../key.h:86: error: expected ?;?, ?,? or ?)? before ?*? token > > another missing check for no-ECC OpenSSL: > > Index: key.h > =================================================================== > RCS file: /var/cvs/openssh/key.h,v > retrieving revision 1.45 > diff -u -p -r1.45 key.h > --- key.h 2 Jul 2014 05:28:03 -0000 1.45 > +++ key.h 21 Aug 2014 00:46:48 -0000 > @@ -81,10 +81,10 @@ int key_cert_check_authority(const Key > const char **); > char *key_alg_list(int, int); > > -#ifdef WITH_OPENSSL > +#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) > int key_ec_validate_public(const EC_GROUP *, const EC_POINT *); > int key_ec_validate_private(const EC_KEY *); > -#endif /* WITH_OPENSSL */ > +#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */ > > Key *key_from_blob(const u_char *, u_int); > int key_to_blob(const Key *, u_char **, u_int *); > -- # include <stddisclaimer.h> /* Kevin Brott <Kevin.Brott@xxxxxxxxx> */ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev