Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (athena.apache.org: local policy)
From: xPostings <posting09@mysign.ch>
To: "'users@httpd.apache.org'" <users@httpd.apache.org>
Date: Wed, 24 Dec 2008 09:19:08 +0100
Thread-Topic: Can't Compile httpd 2.2.11 linked statically with ssl and	zlib
Thread-Index: Aclh2w0BBHFroro0RheA6D76bJcAcQDxMPpw
Message-ID: 
 <E594BA962D832C49A3CF858DAA3A696C01FA8933DD@Exchange2007.mysigndomain.corp>
In-Reply-To: <1229691665.41849.39.camel@strangepork.mintel.co.uk>
Accept-Language: de-DE, de-CH
Content-Language: de-DE
acceptlanguage: de-DE, de-CH
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [users@httpd] Re: Can't Compile httpd 2.2.11 linked statically with
 ssl and	zlib

Hi

I think the main problem is not, that the httpd has a depency to libz and l=
ibssl. In my "old" compilation with httpd 2.2.3 and also 2.2.8 there was NO=
 depency to libz and libssl, it was compiled INTO httpd, also the httpd was=
 bigger than the 2.2.11. But I used exactly the same confs and parameters. =
So maybe the correct question should be: How can I compile libz and libssl =
(with mod_ssl) into httpd?

cheers
mike


> -----Urspr=FCngliche Nachricht-----
> Von: Tom Evans [mailto:tevans.uk@googlemail.com]
> Gesendet: Freitag, 19. Dezember 2008 14:01
> An: users@httpd.apache.org
> Betreff: Re: AW: Can't Compile httpd 2.2.11 linked statically with ssl
> and zlib
>
>
> On Fri, 2008-12-19 at 10:56 +0100, xPostings wrote:
> > > > compiled zlib:
> > > > ./configure
> > > > make
> > > > make install
> > >
> > > What's your prefix here?  It'd probably default to /usr/local
> >
> > default prefix is /usr/local (compiled library will be in
> /usr/local/lib and include files are in /usr/local/include)
> >
> > > > compiled openssl 0.9.8i:
> > > > ./config no-zlib shared
> > > > make
> > > > make install
> > >
> > > Again, what's the prefix?  And, specifying 'shared' will build the
> > > *.so libraries which are then picked up by the Apache
> build system.
> >
> > default prefix is /usr/local/ssl
> > If I do not use "shared" the ./configure of apache fails.
> To compile mod_ssl statically into httpd can't be done
> without having compiled the shared libs of openssl.
> >
> > > >
> > > > compiled apache httpd:
> > > > ./buildconf
> > > > ./configure --prefix=3D/usr/local/apache2.2.11 \
> > > > --enable-static-support \
> > > > --with-mpm=3Dworker \
> > > > --enable-mods-shared=3Dall \
> > > > --enable-so \
> > > > --enable-deflate=3Dstatic \
> > > > --with-z=3D/usr/local/lib \
> > >
> > > Usually, you point to the top of the zlib installation which
> > > would be /
> > > usr/local, under which the compiler finds the include/headers
> > > and the
> > > linker finds the lib/libraries.
> >
> > You're right, that was a mistake, I recompiled with
> --with-z=3D/usr/local, but the result is the same.
> >
> >
> > > > --enable-ssl=3Dstatic \
> > > > --with-ssl=3D/usr/local/ssl \
> > >
> > > This must match your prefix above, or the default.
> >
> > that's correct.
> >
> > >
> > > > --enable-rewrite=3Dstatic \
> > > > --enable-auth-basic=3Dstatic \
> > > > --enable-authn-file=3Dstatic \
> > > > --enable-authz-user=3Dstatic \
> > > > --enable-authz-groupfile=3Dstatic \
> > > > --enable-authz-host=3Dstatic \
> > > > --enable-expires=3Dstatic \
> > > > --enable-headers=3Dstatic
> > > >
> > > > If I look to the depencies with ldd there is a
> dynamically linked
> > > > libz and libssl:
> > > >
> > > >        linux-gate.so.1 =3D>  (0xffffe000)
> > > >        libssl.so.0.9.8 =3D> /usr/lib/i686/cmov/libssl.so.0.9.8
> > > > (0xb7eb9000)
> > > >        libcrypto.so.0.9.8 =3D>
> /usr/lib/i686/cmov/libcrypto.so.0.9.8
> > > > (0xb7d7e000)
> > >
> > > That's your system installation of openssl 0.9.8*.  Two things may
> > > have happened:
> > >
> > > 1) You linked against the .so shared libraries in your
> installation,
> > > but at runtime you're picking up the system copy.  It seems that
> > > embedding the hard path to the shared libraries in the
> > > calling binary
> > > doesn't work too well on Linnicks.  This can be remedied
> by adding /
> > > usr/local/ssl/lib (or whatever, see the discussion on prefix
> > > above) to
> > > the LD_LIBRARY_PATH environment variable when you start
> > > Apache.  This
> > > can be done in the script that starts the server, or on
> the command
> > > line for testing.
> >
> > We do use the compiled versions of httpd on other machines
> (production), that's the reason we do not wan't to have
> dynamic linked binaries. It was never necessary to modify
> LD_LIBRARY_PATH before because everything httpd needs (zlib
> and ssl) should be compiled into httpd.
> >
> > >
> > > 2) The System openssl was found in favor of yours when
> configuring.
> > > This should not happen.  Study your ./configure output where
> > > it tries
> > > to find the proper openssl library and see what exactly
> happens there.
> >
> >
> > The output of ./configure seems to be correct:
> >
> > checking for SSL/TLS toolkit base... /usr/local/ssl
> >   adding "-I/usr/local/ssl/include" to CPPFLAGS
> >   adding "-I/usr/local/ssl/include" to INCLUDES
> >   adding "-L/usr/local/ssl/lib" to LDFLAGS
> > checking for OpenSSL version... checking openssl/opensslv.h
> usability... yes
> > checking openssl/opensslv.h presence... yes
> > checking for openssl/opensslv.h... yes
> > checking openssl/ssl.h usability... yes
> > checking openssl/ssl.h presence... yes
> > checking for openssl/ssl.h... yes
> > OK
> >   forcing SSL_LIBS to "-lssl -lcrypto  -lrt -lcrypt  -lpthread -ldl"
> >   adding "-lssl" to LIBS
> >   adding "-lcrypto" to LIBS
> >   adding "-lrt" to LIBS
> >   adding "-lcrypt" to LIBS
> >   adding "-lpthread" to LIBS
> >   adding "-ldl" to LIBS
> > checking openssl/engine.h usability... yes
> > checking openssl/engine.h presence... yes
> > checking for openssl/engine.h... yes
> > checking for SSLeay_version... yes
> > checking for SSL_CTX_new... yes
> > checking for ENGINE_init... yes
> > checking for ENGINE_load_builtin_engines... yes
> > checking for SSL_set_cert_store... no
> >   forcing MOD_SSL_LDADD to "$(SSL_LIBS)"
> > checking whether Distcache is required... no (default)
> > checking whether to enable mod_ssl... yes
> >   adding "-I$(top_srcdir)/modules/ssl" to INCLUDES
> >
> > >
> > > >
> > > >        libm.so.6 =3D> /lib/tls/i686/cmov/libm.so.6 (0xb7d59000)
> > > >        libaprutil-1.so.0 =3D> /usr/local/apache2.2.11/lib/
> > > > libaprutil-1.so.0 (0xb7d3d000)
> > > >        libexpat.so.0 =3D>
> /usr/local/apache2.2.11/lib/libexpat.so.0
> > > > (0xb7d21000)
> > > >        libapr-1.so.0 =3D>
> /usr/local/apache2.2.11/lib/libapr-1.so.0
> > > > (0xb7cfc000)
> > > >        librt.so.1 =3D> /lib/tls/i686/cmov/librt.so.1 (0xb7cf3000)
> > > >        libcrypt.so.1 =3D> /lib/tls/i686/cmov/libcrypt.so.1
> > > (0xb7cc4000)
> > > >        libpthread.so.0 =3D> /lib/tls/i686/cmov/libpthread.so.0
> > > > (0xb7cb2000)
> > > >        libdl.so.2 =3D> /lib/tls/i686/cmov/libdl.so.2 (0xb7cae000)
> > > >        libc.so.6 =3D> /lib/tls/i686/cmov/libc.so.6 (0xb7b7d000)
> > > >        libz.so.1 =3D> /usr/lib/libz.so.1 (0xb7b69000)
> > >
> > > Again, that's the system copy.  Same story, plus it may not
> > > have found
> > > yours because your parameter was off.  Again, see your ./configure
> > > output.
> >
> > Output seems to be correct:
> > checking whether to enable mod_deflate... checking dependencies
> >   adding "-I/usr/local/include" to INCLUDES
> >   adding "-L/usr/local/lib" to LDFLAGS
> >   adding "-lz" to LIBS
> > checking for zlib library... found
> >   forcing MOD_DEFLATE_LDADD to "-lz"
> >   removed "-lz" from LIBS
> > checking whether to enable mod_deflate... yes
> >
> > >
> > > >
> > > >        /lib/ld-linux.so.2 (0xb7efe000)
> > > >
> > > > What's going wrong? libssl and libz shouldn't be linked
> > > dynamically.
> > > > With httpd 2.2.3 and the same configuration I haven't had these
> > > > problems. ldd from the old 2.2.3 shows following depencies:
> > > >
> > > >        linux-gate.so.1 =3D>  (0xffffe000)
> > > >        libm.so.6 =3D> /lib/tls/i686/cmov/libm.so.6 (0xb7edf000)
> > > >        libaprutil-1.so.0 =3D> /usr/local/apache2.2.3/lib/
> > > > libaprutil-1.so.0 (0xb7ec9000)
> > > >        libexpat.so.0 =3D> /usr/local/apache2.2.3/lib/libexpat.so.0
> > > > (0xb7eac000)
> > > >        libapr-1.so.0 =3D> /usr/local/apache2.2.3/lib/libapr-1.so.0
> > > > (0xb7e8a000)
> > > >        librt.so.1 =3D> /lib/tls/i686/cmov/librt.so.1 (0xb7e81000)
> > > >        libcrypt.so.1 =3D> /lib/tls/i686/cmov/libcrypt.so.1
> > > (0xb7e53000)
> > > >        libpthread.so.0 =3D> /lib/tls/i686/cmov/libpthread.so.0
> > > > (0xb7e40000)
> > > >        libdl.so.2 =3D> /lib/tls/i686/cmov/libdl.so.2 (0xb7e3c000)
> > > >        libc.so.6 =3D> /lib/tls/i686/cmov/libc.so.6 (0xb7d0b000)
> > > >        /lib/ld-linux.so.2 (0xb7f0a000)
> > >
> > > No openssl libraries linked to this one.  Are you sure
> they weren't
> > > just linked into mod_ssl.so?
> >
> > I'm pretty sure, in this case there's no mod_ssl.so because
> it's compiled into httpd,
> >
> > cheers
> > mike
> >
> configure just builds up the list of locations where to find libraries
> that have the features it needs. So, you tell it SSL is
> in /usr/local/ssl, it goes away and looks there and says
> "you're right,
> theres SSL libraries there, adding /usr/local/ssl/lib to
> LDPATH, /usr/local/ssl/include to CFLAGS".
> When it comes to build/link the components though, it has no idea that
> it is supposed to be using the SSL libraries from /usr/local/ssl, just
> that it has a list of folders which it CAN use. It searches them in
> order, looking for a library that works in the manner
> required. Once the
> linker has found a suitable library, it links it in.
>
> Your problem is that your system SSL libraries are picked up
> before your
> custom built ones are found. A simple way to fix this is to modify the
> makefile rules for those modules, to remove the dynamic linking
> statements and add some dirty static linking.
>
> Eg, I just grabbed 2.2.11, ran
>   ./configure \
>   --prefix=3D/tmp/foobar \
>   --enable-so \
>   --enable-mods-shared=3D"ssl deflate"
> built and installed it. This gave me an httpd binary and module files
> linked like so (this is FreeBSD, so YMMV):
> bin/httpd:
>       libm.so.5 =3D> /lib/libm.so.5 (0x280f3000)
>       libaprutil-1.so.3 =3D> /usr/local/lib/libaprutil-1.so.3
> (0x28108000)
>       libdb-4.2.so.2 =3D> /usr/local/lib/libdb-4.2.so.2 (0x28124000)
>       libexpat.so.6 =3D> /usr/local/lib/libexpat.so.6 (0x281f8000)
>       libiconv.so.3 =3D> /usr/local/lib/libiconv.so.3 (0x28218000)
>       libapr-1.so.3 =3D> /usr/local/lib/libapr-1.so.3 (0x2830d000)
>       libcrypt.so.4 =3D> /lib/libcrypt.so.4 (0x28331000)
>       libthr.so.3 =3D> /lib/libthr.so.3 (0x2834a000)
>       libc.so.7 =3D> /lib/libc.so.7 (0x2835d000)
> modules/mod_deflate.so:
>       libz.so.4 =3D> /lib/libz.so.4 (0x28187000)
>       libc.so.7 =3D> /lib/libc.so.7 (0x28080000)
> modules/mod_ssl.so:
>       libssl.so.5 =3D> /usr/lib/libssl.so.5 (0x281ac000)
>       libcrypto.so.5 =3D> /lib/libcrypto.so.5 (0x281ed000)
>       libcrypt.so.4 =3D> /lib/libcrypt.so.4 (0x28347000)
>       libthr.so.3 =3D> /lib/libthr.so.3 (0x28360000)
>       libc.so.7 =3D> /lib/libc.so.7 (0x28080000)
>
> I dont want to use dynamic libz in mod_deflate, and I dont want to use
> dynamic libssl in mod_ssl. I therefore edit (from apache top build
> directory) build/config_vars.mk and make these changes:
>
> --- build/config_vars.mk.orig
> +++ build/config_vars.mk
> @@ -50,5 +50,5 @@
>  MOD_INCLUDE_LDADD =3D
>  MOD_FILTER_LDADD =3D
> -MOD_DEFLATE_LDADD =3D -lz
> +MOD_DEFLATE_LDADD =3D /usr/lib/libz.a
>  MOD_LOG_CONFIG_LDADD =3D
>  MOD_ENV_LDADD =3D
> @@ -60,5 +60,5 @@
>  MOD_PROXY_AJP_LDADD =3D
>  MOD_PROXY_BALANCER_LDADD =3D
> -SSL_LIBS =3D -lssl -lcrypto -lcrypt -lpthread
> +SSL_LIBS =3D /usr/lib/libssl.a -lcrypto -lcrypt -lpthread
>  MOD_SSL_LDADD =3D $(SSL_LIBS) -export-symbols-regex ssl_module
>  MPM_NAME =3D prefork
>
> and clean, rebuild and reinstall (make clean all && make install). You
> should get warnings about this not being portable - and it isnt. These
> binaries probably wont run on differently setup boxes. This then gives
> me the modules built like so:
> bin/httpd:
>       libm.so.5 =3D> /lib/libm.so.5 (0x280f3000)
>       libaprutil-1.so.3 =3D> /usr/local/lib/libaprutil-1.so.3
> (0x28108000)
>       libdb-4.2.so.2 =3D> /usr/local/lib/libdb-4.2.so.2 (0x28124000)
>       libexpat.so.6 =3D> /usr/local/lib/libexpat.so.6 (0x281f8000)
>       libiconv.so.3 =3D> /usr/local/lib/libiconv.so.3 (0x28218000)
>       libapr-1.so.3 =3D> /usr/local/lib/libapr-1.so.3 (0x2830d000)
>       libcrypt.so.4 =3D> /lib/libcrypt.so.4 (0x28331000)
>       libthr.so.3 =3D> /lib/libthr.so.3 (0x2834a000)
>       libc.so.7 =3D> /lib/libc.so.7 (0x2835d000)
> modules/mod_deflate.so:
>       libc.so.7 =3D> /lib/libc.so.7 (0x28080000)
> modules/mod_ssl.so:
>       libcrypto.so.5 =3D> /lib/libcrypto.so.5 (0x281e2000)
>       libcrypt.so.4 =3D> /lib/libcrypt.so.4 (0x2833c000)
>       libthr.so.3 =3D> /lib/libthr.so.3 (0x28355000)
>       libc.so.7 =3D> /lib/libc.so.7 (0x28080000)
>
> HTH
>
> Tom
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org