httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@opensslfoundation.com>
Subject Re: SSL and Apache Httpd 2.4.7 [was Re: 2.4.8 This Month]
Date Thu, 20 Feb 2014 00:37:01 GMT
On 20/02/2014 00:24, Tom Browder wrote:
> On Wed, Feb 19, 2014 at 7:09 PM, Dr Stephen Henson
> <shenson@opensslfoundation.com> wrote:
>> On 19/02/2014 23:54, Tom Browder wrote:
>>> On Wed, Feb 19, 2014 at 11:21 AM, Tom Browder <tom.browder@gmail.com> wrote:
>>>> On Wed, Feb 19, 2014 at 10:53 AM, Dr Stephen Henson
>>>> <shenson@opensslfoundation.com> wrote:
>>>>> On 19/02/2014 15:08, Tom Browder wrote:
>>>>>> I configured httpd-2.4.7 successfully to use mod_ssl:
>>>>>>
>>>>>>   ...
>>>>> That could be user error. The path /usr/local/ssl/fips-2.0 is the default
>>>>> install location of the FIPS module which isn't a complete version of
OpenSSL.
>>>>> It should point to the location the FIPS capable OpenSSL is installed
instead.
>>>>
>>>> Hm, I thought I tried that but I'll recheck and configure with:
>>>>
>>>>   --with-ssl=/usr/local/ssl
>>>
>>> Bummer!
>>>
>>> When I did that, I get this:
>>>
>>> checking for OpenSSL... checking for user-provided OpenSSL base
> ..
>>> checking for OpenSSL version >= 0.9.7... OK
> 
>> Well something is wrong there with it indicating OpenSSL version 0.9.7. If you
>> intend to use the FIPS 2.0 module you must use OpenSSL 1.0.1.
> 
> That doesn't mean its using 0.9.7.  As a matter of fact my Debian
> installed OpenSSL is 1.0.1e, and Im trying to use 1.0.1.f FIPS.
> 
> But now I get a failure to build Apache:
> 
> /usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_free':
> c_zlib.c:(.text+0x4d): undefined reference to `inflateEnd'
> c_zlib.c:(.text+0x69): undefined reference to `deflateEnd'
> /usr/local/ssl/lib/libcrypto.a(c_zlib.o): In function `bio_zlib_ctrl':
> c_zlib.c:(.text+0x24e): undefined reference to `deflate'
> c_zlib.c:(.text+0x338): undefined reference to `zError'
> 
> So should I just kiss off Open SSL FIPS and Apache?
> 

What options did you use to configure OpenSSL? That looks like it has been
configured to use a static link to zlib. Do you need zlib support?

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com

Mime
View raw message