httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From xPostings <postin...@mysign.ch>
Subject [users@httpd] Re: Can't Compile httpd 2.2.11 linked statically with ssl and zlib
Date Wed, 24 Dec 2008 08:19:08 GMT
Hi

I think the main problem is not, that the httpd has a depency to libz and libssl. In my "old"
compilation with httpd 2.2.3 and also 2.2.8 there was NO depency to libz and libssl, it was
compiled INTO httpd, also the httpd was bigger than the 2.2.11. But I used exactly the same
confs and parameters. So maybe the correct question should be: How can I compile libz and
libssl (with mod_ssl) into httpd?

cheers
mike


> -----Urspr√ľngliche Nachricht-----
> Von: Tom Evans [mailto:tevans.uk@googlemail.com]
> Gesendet: Freitag, 19. Dezember 2008 14:01
> An: users@httpd.apache.org
> Betreff: Re: AW: Can't Compile httpd 2.2.11 linked statically with ssl
> and zlib
>
>
> On Fri, 2008-12-19 at 10:56 +0100, xPostings wrote:
> > > > compiled zlib:
> > > > ./configure
> > > > make
> > > > make install
> > >
> > > What's your prefix here?  It'd probably default to /usr/local
> >
> > default prefix is /usr/local (compiled library will be in
> /usr/local/lib and include files are in /usr/local/include)
> >
> > > > compiled openssl 0.9.8i:
> > > > ./config no-zlib shared
> > > > make
> > > > make install
> > >
> > > Again, what's the prefix?  And, specifying 'shared' will build the
> > > *.so libraries which are then picked up by the Apache
> build system.
> >
> > default prefix is /usr/local/ssl
> > If I do not use "shared" the ./configure of apache fails.
> To compile mod_ssl statically into httpd can't be done
> without having compiled the shared libs of openssl.
> >
> > > >
> > > > compiled apache httpd:
> > > > ./buildconf
> > > > ./configure --prefix=/usr/local/apache2.2.11 \
> > > > --enable-static-support \
> > > > --with-mpm=worker \
> > > > --enable-mods-shared=all \
> > > > --enable-so \
> > > > --enable-deflate=static \
> > > > --with-z=/usr/local/lib \
> > >
> > > Usually, you point to the top of the zlib installation which
> > > would be /
> > > usr/local, under which the compiler finds the include/headers
> > > and the
> > > linker finds the lib/libraries.
> >
> > You're right, that was a mistake, I recompiled with
> --with-z=/usr/local, but the result is the same.
> >
> >
> > > > --enable-ssl=static \
> > > > --with-ssl=/usr/local/ssl \
> > >
> > > This must match your prefix above, or the default.
> >
> > that's correct.
> >
> > >
> > > > --enable-rewrite=static \
> > > > --enable-auth-basic=static \
> > > > --enable-authn-file=static \
> > > > --enable-authz-user=static \
> > > > --enable-authz-groupfile=static \
> > > > --enable-authz-host=static \
> > > > --enable-expires=static \
> > > > --enable-headers=static
> > > >
> > > > If I look to the depencies with ldd there is a
> dynamically linked
> > > > libz and libssl:
> > > >
> > > >        linux-gate.so.1 =>  (0xffffe000)
> > > >        libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
> > > > (0xb7eb9000)
> > > >        libcrypto.so.0.9.8 =>
> /usr/lib/i686/cmov/libcrypto.so.0.9.8
> > > > (0xb7d7e000)
> > >
> > > That's your system installation of openssl 0.9.8*.  Two things may
> > > have happened:
> > >
> > > 1) You linked against the .so shared libraries in your
> installation,
> > > but at runtime you're picking up the system copy.  It seems that
> > > embedding the hard path to the shared libraries in the
> > > calling binary
> > > doesn't work too well on Linnicks.  This can be remedied
> by adding /
> > > usr/local/ssl/lib (or whatever, see the discussion on prefix
> > > above) to
> > > the LD_LIBRARY_PATH environment variable when you start
> > > Apache.  This
> > > can be done in the script that starts the server, or on
> the command
> > > line for testing.
> >
> > We do use the compiled versions of httpd on other machines
> (production), that's the reason we do not wan't to have
> dynamic linked binaries. It was never necessary to modify
> LD_LIBRARY_PATH before because everything httpd needs (zlib
> and ssl) should be compiled into httpd.
> >
> > >
> > > 2) The System openssl was found in favor of yours when
> configuring.
> > > This should not happen.  Study your ./configure output where
> > > it tries
> > > to find the proper openssl library and see what exactly
> happens there.
> >
> >
> > The output of ./configure seems to be correct:
> >
> > checking for SSL/TLS toolkit base... /usr/local/ssl
> >   adding "-I/usr/local/ssl/include" to CPPFLAGS
> >   adding "-I/usr/local/ssl/include" to INCLUDES
> >   adding "-L/usr/local/ssl/lib" to LDFLAGS
> > checking for OpenSSL version... checking openssl/opensslv.h
> usability... yes
> > checking openssl/opensslv.h presence... yes
> > checking for openssl/opensslv.h... yes
> > checking openssl/ssl.h usability... yes
> > checking openssl/ssl.h presence... yes
> > checking for openssl/ssl.h... yes
> > OK
> >   forcing SSL_LIBS to "-lssl -lcrypto  -lrt -lcrypt  -lpthread -ldl"
> >   adding "-lssl" to LIBS
> >   adding "-lcrypto" to LIBS
> >   adding "-lrt" to LIBS
> >   adding "-lcrypt" to LIBS
> >   adding "-lpthread" to LIBS
> >   adding "-ldl" to LIBS
> > checking openssl/engine.h usability... yes
> > checking openssl/engine.h presence... yes
> > checking for openssl/engine.h... yes
> > checking for SSLeay_version... yes
> > checking for SSL_CTX_new... yes
> > checking for ENGINE_init... yes
> > checking for ENGINE_load_builtin_engines... yes
> > checking for SSL_set_cert_store... no
> >   forcing MOD_SSL_LDADD to "$(SSL_LIBS)"
> > checking whether Distcache is required... no (default)
> > checking whether to enable mod_ssl... yes
> >   adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
> >
> > >
> > > >
> > > >        libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> > > >        libaprutil-1.so.0 => /usr/local/apache2.2.11/lib/
> > > > libaprutil-1.so.0 (0xb7d3d000)
> > > >        libexpat.so.0 =>
> /usr/local/apache2.2.11/lib/libexpat.so.0
> > > > (0xb7d21000)
> > > >        libapr-1.so.0 =>
> /usr/local/apache2.2.11/lib/libapr-1.so.0
> > > > (0xb7cfc000)
> > > >        librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> > > >        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > > (0xb7cc4000)
> > > >        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > > (0xb7cb2000)
> > > >        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> > > >        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> > > >        libz.so.1 => /usr/lib/libz.so.1 (0xb7b69000)
> > >
> > > Again, that's the system copy.  Same story, plus it may not
> > > have found
> > > yours because your parameter was off.  Again, see your ./configure
> > > output.
> >
> > Output seems to be correct:
> > checking whether to enable mod_deflate... checking dependencies
> >   adding "-I/usr/local/include" to INCLUDES
> >   adding "-L/usr/local/lib" to LDFLAGS
> >   adding "-lz" to LIBS
> > checking for zlib library... found
> >   forcing MOD_DEFLATE_LDADD to "-lz"
> >   removed "-lz" from LIBS
> > checking whether to enable mod_deflate... yes
> >
> > >
> > > >
> > > >        /lib/ld-linux.so.2 (0xb7efe000)
> > > >
> > > > What's going wrong? libssl and libz shouldn't be linked
> > > dynamically.
> > > > With httpd 2.2.3 and the same configuration I haven't had these
> > > > problems. ldd from the old 2.2.3 shows following depencies:
> > > >
> > > >        linux-gate.so.1 =>  (0xffffe000)
> > > >        libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> > > >        libaprutil-1.so.0 => /usr/local/apache2.2.3/lib/
> > > > libaprutil-1.so.0 (0xb7ec9000)
> > > >        libexpat.so.0 => /usr/local/apache2.2.3/lib/libexpat.so.0
> > > > (0xb7eac000)
> > > >        libapr-1.so.0 => /usr/local/apache2.2.3/lib/libapr-1.so.0
> > > > (0xb7e8a000)
> > > >        librt.so.1 => /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> > > >        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1
> > > (0xb7e53000)
> > > >        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0
> > > > (0xb7e40000)
> > > >        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> > > >        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> > > >        /lib/ld-linux.so.2 (0xb7f0a000)
> > >
> > > No openssl libraries linked to this one.  Are you sure
> they weren't
> > > just linked into mod_ssl.so?
> >
> > I'm pretty sure, in this case there's no mod_ssl.so because
> it's compiled into httpd,
> >
> > cheers
> > mike
> >
> configure just builds up the list of locations where to find libraries
> that have the features it needs. So, you tell it SSL is
> in /usr/local/ssl, it goes away and looks there and says
> "you're right,
> theres SSL libraries there, adding /usr/local/ssl/lib to
> LDPATH, /usr/local/ssl/include to CFLAGS".
> When it comes to build/link the components though, it has no idea that
> it is supposed to be using the SSL libraries from /usr/local/ssl, just
> that it has a list of folders which it CAN use. It searches them in
> order, looking for a library that works in the manner
> required. Once the
> linker has found a suitable library, it links it in.
>
> Your problem is that your system SSL libraries are picked up
> before your
> custom built ones are found. A simple way to fix this is to modify the
> makefile rules for those modules, to remove the dynamic linking
> statements and add some dirty static linking.
>
> Eg, I just grabbed 2.2.11, ran
>   ./configure \
>   --prefix=/tmp/foobar \
>   --enable-so \
>   --enable-mods-shared="ssl deflate"
> built and installed it. This gave me an httpd binary and module files
> linked like so (this is FreeBSD, so YMMV):
> bin/httpd:
>       libm.so.5 => /lib/libm.so.5 (0x280f3000)
>       libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3
> (0x28108000)
>       libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
>       libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
>       libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
>       libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
>       libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
>       libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
>       libc.so.7 => /lib/libc.so.7 (0x2835d000)
> modules/mod_deflate.so:
>       libz.so.4 => /lib/libz.so.4 (0x28187000)
>       libc.so.7 => /lib/libc.so.7 (0x28080000)
> modules/mod_ssl.so:
>       libssl.so.5 => /usr/lib/libssl.so.5 (0x281ac000)
>       libcrypto.so.5 => /lib/libcrypto.so.5 (0x281ed000)
>       libcrypt.so.4 => /lib/libcrypt.so.4 (0x28347000)
>       libthr.so.3 => /lib/libthr.so.3 (0x28360000)
>       libc.so.7 => /lib/libc.so.7 (0x28080000)
>
> I dont want to use dynamic libz in mod_deflate, and I dont want to use
> dynamic libssl in mod_ssl. I therefore edit (from apache top build
> directory) build/config_vars.mk and make these changes:
>
> --- build/config_vars.mk.orig
> +++ build/config_vars.mk
> @@ -50,5 +50,5 @@
>  MOD_INCLUDE_LDADD =
>  MOD_FILTER_LDADD =
> -MOD_DEFLATE_LDADD = -lz
> +MOD_DEFLATE_LDADD = /usr/lib/libz.a
>  MOD_LOG_CONFIG_LDADD =
>  MOD_ENV_LDADD =
> @@ -60,5 +60,5 @@
>  MOD_PROXY_AJP_LDADD =
>  MOD_PROXY_BALANCER_LDADD =
> -SSL_LIBS = -lssl -lcrypto -lcrypt -lpthread
> +SSL_LIBS = /usr/lib/libssl.a -lcrypto -lcrypt -lpthread
>  MOD_SSL_LDADD = $(SSL_LIBS) -export-symbols-regex ssl_module
>  MPM_NAME = prefork
>
> and clean, rebuild and reinstall (make clean all && make install). You
> should get warnings about this not being portable - and it isnt. These
> binaries probably wont run on differently setup boxes. This then gives
> me the modules built like so:
> bin/httpd:
>       libm.so.5 => /lib/libm.so.5 (0x280f3000)
>       libaprutil-1.so.3 => /usr/local/lib/libaprutil-1.so.3
> (0x28108000)
>       libdb-4.2.so.2 => /usr/local/lib/libdb-4.2.so.2 (0x28124000)
>       libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x281f8000)
>       libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x28218000)
>       libapr-1.so.3 => /usr/local/lib/libapr-1.so.3 (0x2830d000)
>       libcrypt.so.4 => /lib/libcrypt.so.4 (0x28331000)
>       libthr.so.3 => /lib/libthr.so.3 (0x2834a000)
>       libc.so.7 => /lib/libc.so.7 (0x2835d000)
> modules/mod_deflate.so:
>       libc.so.7 => /lib/libc.so.7 (0x28080000)
> modules/mod_ssl.so:
>       libcrypto.so.5 => /lib/libcrypto.so.5 (0x281e2000)
>       libcrypt.so.4 => /lib/libcrypt.so.4 (0x2833c000)
>       libthr.so.3 => /lib/libthr.so.3 (0x28355000)
>       libc.so.7 => /lib/libc.so.7 (0x28080000)
>
> HTH
>
> Tom
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message